Identifying and Mitigating Phishing Attack Threats in IoT Use Cases Using a Threat Modelling Approach.

Syed Ghazanfar Abbas,Faisal Hussain,Ghalib A Shah,Shahzaib Zahid,Enrico Cambiaso,Taimur Bakhshi,Ubaid Ullah Fayyaz,Ivan Vaccari

doi:10.3390/s21144816

Abstract

Internet of things (IoT) is a technology that enables our daily life objects to connect on the Internet and to send and receive data for a meaningful purpose. In recent years, IoT has led to many revolutions in almost every sector of our society. Nevertheless, security threats to IoT devices and networks are relentlessly disruptive, because of the proliferation of Internet technologies. Phishing is one of the most prevalent threats to all Internet users, in which attackers aim to fraudulently extract sensitive information of a user or system, using fictitious emails, websites, etc. With the rapid increase in IoT devices, attackers are targeting IoT devices such as security cameras, smart cars, etc., and perpetrating phishing attacks to gain control over such vulnerable devices for malicious purposes. In recent decades, such scams have been spreading, and they have become increasingly advanced over time. By following this trend, in this paper, we propose a threat modelling approach to identify and mitigate the cyber-threats that can cause phishing attacks. We considered two significant IoT use cases, i.e., smart autonomous vehicular system and smart home. The proposed work is carried out by applying the STRIDE threat modelling approach to both use cases, to disclose all the potential threats that may cause a phishing attack. The proposed threat modelling approach can support the IoT researchers, engineers, and IoT cyber-security policymakers in securing and protecting the potential threats in IoT devices and systems in the early design stages, to ensure the secure deployment of IoT devices in critical infrastructures.

Highlights

Internet of things (IoT) is a network of smart objects that can be connected through the Internet, to anonymously share data and resources
With the widespread adoption of insecure IoT devices, phishing has become a major threat for all Internet users
The attention paid by attackers to phishing has increased, as it can be performed by exploiting vulnerabilities in the emerging context of

Summary

Introduction

Internet of things (IoT) is a network of smart objects that can be connected through the Internet, to anonymously share data and resources. In recent years, the limited security measures led to several attacks on IoT devices. Such attacks are increasing with the growth in available IoT devices [4]. This is because the manufacturers intensively focus on the production of IoT devices, without giving proper importance to the security perspective, due to increased consumer demand and high levels of competition from vendors [5]. Hackers exploit the weaknesses of IoT devices, gain control over IoT devices and perform malicious activities, such as botnet attacks, exposure of valuable and confidential information, etc., which causes financial loss [6]

Objectives

Methods

Results

Conclusion