Egyptian Informatics Journal (Sep 2024)
Unmasking vulnerabilities by a pioneering approach to securing smart IoT cameras through threat surface analysis and dynamic metrics
Abstract
The concept of the Internet of Things (IoT) threat surface refers to the overall susceptibility of smart devices to potential security risks. This vulnerability includes the combined impact of security weaknesses, gaps in protective measures, and potential vulnerabilities within the device OS, installed libraries, and applications, as well as the infrastructure involved. This comprises both identified and unforeseen risks that could potentially compromise the device’s integrity, data, logs, and hosted applications. By minimizing the extent to which the device’s components are exposed, it becomes possible to reduce the vulnerabilities inherent in the device, thereby decreasing its overall threat surface area. This research introduces an innovative framework for assessing Smart IoT cameras within the ecosystem. This framework involves the identification and categorization of webcam devices, followed by an analysis of potential threats based on various exposure indicators present within each layer. Subsequently, this information is used to determine the possible paths through which a device might be compromised, allowing for the evaluation of severity and both maturity levels. The authors present metrics that aid in reevaluating and recalibrating the security levels, considering the discovered threat surface elements. These refined metrics offer a fresh perspective on security, offering valuable insights for stakeholders who are engaged in the development, deployment, and evaluation of the security aspects of such devices.