November 2018
Intermediate to advanced
382 pages
11h 20m
English
Content preview from Practical Internet of Things Security - Second Edition
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Step 5 – document the threats
This step focuses on documenting the threats to the parking system:
|
Threat description #1 |
Parking thief charges legitimate customer for parking time by accessing that customer's account. |
|
Threat target |
Legitimate customer account credentials |
|
Attack techniques |
Social engineering, phishing, database compromises, MITM attacks (including those against cryptographic protocols) |
|
Countermeasures |
Require multifactor authentication on accounts used to access payment information |
|
Threat description #2 |
Parking thief receives free parking through unauthorized access to backend smart parking application. |
|
Threat target |
Parking application |
|
Attack techniques |
Application exploit; web server ... |