Ethical Hacker - Module 07

Uploaded by

ibraev.alixan03
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
104 views38 pages

Ethical Hacker - Module 07

Uploaded by

ibraev.alixan03
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 38

Module 7: Cloud, Mobile, and IoT Security

Ethical Hacker
Module Objectives
Module Title: Cloud, Mobile, and IoT Security
Module Objective: Explain how to exploit cloud, mobile, and IoT security vulnerabilities.

Topic Title - Topic Objective
Researching Attack Vectors and Performing Attacks on Cloud Technologies - Explain how to attack cloud technologies.
Explaining Common Attacks and Vulnerabilities Against Specialized Systems - Explain common attacks against specialized systems.

© 2023 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8
7.1 Researching Attack
Vectors and Performing
Attacks on Cloud Technologies

Researching Attack Vectors and Performing Attacks on Cloud Technologies
Overview
• Another trend that poses new security challenges is the migration of computing resources, data, and
software to the cloud.
• The cloud presents a network without a perimeter: there is no border between a traditional internal
network and external users, as there is when resources are housed on-site.
• This lack of perimeter increases reliance on access control, cloud configuration, and network
architecture for security. In addition, cloud applications and data are exposed to the internet via
application programming interfaces (APIs).
• Mobile and IoT devices often communicate with applications hosted in the cloud. All these technologies
and architectures increase the attack surface and introduce a variety of cybersecurity risks.
• Cloud computing security includes many of the same functionalities as traditional IT security, including
protecting critical information from theft, data exfiltration, and deletion, as well as privacy.
• The National Institute of Standards and Technology (NIST) authored Special Publication (SP) 800-145,
“The NIST Definition of Cloud Computing,” to provide a standard set of definitions for the different
aspects of cloud computing.
• Cloud computing can be broken into the following three basic models:
• Infrastructure as a Service (IaaS)
• Platform as a Service (PaaS)
• Software as a Service (SaaS)
Researching Attack Vectors and Performing Attacks on Cloud Technologies
Credential Harvesting
• Credential harvesting (or password harvesting) is the act of gathering and stealing valid usernames,
passwords, tokens, PINs, and any other types of credentials through infrastructure breaches.
• One of the most common ways that attackers perform credential harvesting is by using phishing and
spear phishing emails with links that could redirect a user to a bogus site.

Researching Attack Vectors and Performing Attacks on Cloud Technologies
Credential Harvesting (Cont.)
• These steps show how easy it is to perform a social engineering attack and instantiate a fake website (in
this case, a fake Twitter login site) to perform a credential harvesting attack.
• Step 1. Launch SET by entering the setoolkit command.
• Step 2. Select 1) Social-Engineering Attacks from the main menu.
• Step 3. In the menu that appears, select 2) Website Attack Vectors.
• Step 4. In the menu and explanation that appear next, select 3) Credential Harvester Attack
Method.
• Step 5. In the menu that appears next select 1) Web Templates to use a predefined web template
(Twitter).
• Step 6. In the menu, enter the IP address of the host that you would like to use to harvest the user
credentials (in this case, 192.168.88.225).
• Step 7. Select 3) Twitter.

Researching Attack Vectors and Performing Attacks on Cloud Technologies
Credential Harvesting (Cont.)

• You can then redirect users to this fake Twitter site by sending a spear phishing email or taking
advantage of web vulnerabilities such as cross-site scripting (XSS) and cross-site request forgery (CSRF).

• Attackers have been known to harvest cloud service provider credentials once they get into their
victims’ systems. Different threat actors have extended their credential harvesting capabilities to target
multiple cloud and non-cloud services in victims’ internal networks and systems after the exploitation of
other vulnerabilities.

Researching Attack Vectors and Performing Attacks on Cloud Technologies
Privilege Escalation
• Privilege escalation is the act of exploiting a bug or design flaw in a software or firmware application
to gain access to resources that normally would have been protected from an application or a user.
This results in a user gaining additional privileges beyond what the application developer originally
intended.

• Attackers take advantage of this to gain access to protected areas of operating systems or to
applications (for example, reading another user’s email without authorization).

• There are two different types of privilege escalation:


• Vertical Privilege Escalation - This type of privilege escalation, also called privilege elevation,
occurs when a lower-privileged user accesses functions reserved for higher-privileged users.
• Horizontal Privilege Escalation - This type of privilege escalation occurs when a normal user
accesses functions or content reserved for other normal users.

Researching Attack Vectors and Performing Attacks on Cloud Technologies
Account Takeover
• In an account takeover, the threat actor gains access to a user or application account and uses it to
then gain access to more accounts and information. There are different ways that an account
takeover can happen in the cloud.

• There are a number of signals that can be used to detect account takeover attacks:
• Login location
• Failed login attempts
• Lateral phishing emails
• Malicious OAuth, SAML, or OpenID Connect connections
• Abnormal file sharing and downloading

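The first two detection signals in the list above (login location and failed login attempts) as working detection logic. This is an added example, not code from the Cisco course: the login events are constructed sample data, and the five-failures-in-five-minutes threshold is an assumed tuning value, not a figure from the module.

```python
"""Account takeover indicators over constructed login events (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data): (user, ISO timestamp, country, outcome)
SAMPLE_EVENTS = [
    ("alice", "2023-05-01T08:00:00", "US", "success"),
    ("alice", "2023-05-01T08:05:00", "US", "success"),
    ("alice", "2023-05-01T09:00:00", "RU", "failure"),
    ("alice", "2023-05-01T09:00:20", "RU", "failure"),
    ("alice", "2023-05-01T09:00:40", "RU", "failure"),
    ("alice", "2023-05-01T09:01:00", "RU", "failure"),
    ("alice", "2023-05-01T09:01:20", "RU", "failure"),
    ("alice", "2023-05-01T09:02:00", "RU", "success"),
    ("bob",   "2023-05-01T10:00:00", "DE", "success"),
    ("bob",   "2023-05-01T10:30:00", "DE", "success"),
]

FAIL_THRESHOLD = 5                  # assumed tuning: failures inside the window that trigger a finding
FAIL_WINDOW = timedelta(minutes=5)  # assumed tuning: sliding window for counting failures


def parse_events(events):
    """Convert ISO timestamps to datetime objects and sort chronologically."""
    parsed = [(u, datetime.fromisoformat(ts), c, o) for u, ts, c, o in events]
    return sorted(parsed, key=lambda e: e[1])


def new_location_logins(events):
    """Successful logins from a country the user has never logged in from before.

    A user's first successful login seeds the baseline and is not reported.
    """
    seen = defaultdict(set)
    findings = []
    for user, ts, country, outcome in parse_events(events):
        if outcome != "success":
            continue
        if seen[user] and country not in seen[user]:
            findings.append((user, ts.isoformat(), country))
        seen[user].add(country)
    return findings


def failed_login_bursts(events):
    """Users with at least FAIL_THRESHOLD failures inside any FAIL_WINDOW (sliding window)."""
    failures = defaultdict(list)
    for user, ts, _country, outcome in parse_events(events):
        if outcome == "failure":
            failures[user].append(ts)
    findings = []
    for user, times in failures.items():
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > FAIL_WINDOW:
                start += 1
            if end - start + 1 >= FAIL_THRESHOLD:
                findings.append((user, times[start].isoformat(), times[end].isoformat()))
                break  # one finding per user is enough for triage
    return findings


def detect_account_takeover(events):
    """Combine both signals; a user appearing in both is the strongest indicator."""
    locations = new_location_logins(events)
    bursts = failed_login_bursts(events)
    both = sorted({u for u, _, _ in locations} & {u for u, _, _ in bursts})
    return {"new_location": locations, "failed_bursts": bursts, "high_confidence_users": both}


if __name__ == "__main__":
    import pprint
    pprint.pprint(detect_account_takeover(SAMPLE_EVENTS))
```

In the sample, alice's burst of failures from a new country followed by a success is exactly the pattern an analyst would escalate; bob's two logins from his usual country produce nothing. In a real deployment the events would come from the identity provider's sign-in log, and the baseline of known countries should persist across runs rather than being rebuilt from the batch being analysed.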
Researching Attack Vectors and Performing Attacks on Cloud Technologies
Metadata Service Attacks
• When an application requires access to specific assets, it can query the metadata service to get a set
of temporary access credentials.

• This temporary set of credentials can then be used to access services such as AWS Simple Cloud
Storage (S3) buckets and other resources.

• Metadata services are some of the most attractive services on AWS for an attacker to access.

• If you are able to access these resources, at the very least, you will get a set of valid AWS credentials
to interface with the API.

• Software developers often include sensitive information in user startup scripts.

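An audit for the two conditions this slide describes from the defender's side: a metadata service that hands out credentials to any process that can reach it, and sensitive information left in user startup scripts. This is an added example, not code from the Cisco course. The instance records are constructed; their shape is an assumed simplification of what the EC2 DescribeInstances call returns under MetadataOptions (where HttpTokens set to required enforces a session token before the metadata service answers) merged with the userData attribute, and the secret patterns are assumed heuristics rather than an exhaustive list.

```python
"""Audit instance records for metadata-service exposure and secrets in startup scripts (added example)."""
import base64
import re

# Constructed records (not real instances). The shape is an assumed simplification of
# EC2 DescribeInstances output (MetadataOptions) merged with the userData attribute.
SAMPLE_INSTANCES = [
    {
        "InstanceId": "i-0aaaa0000000aaaaa",
        "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional"},
        "UserData": base64.b64encode(
            b"#!/bin/bash\nexport AWS_SECRET_ACCESS_KEY=EXAMPLE_SECRET_VALUE\n").decode(),
    },
    {
        "InstanceId": "i-0bbbb0000000bbbbb",
        "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required"},
        "UserData": base64.b64encode(b"#!/bin/bash\napt-get install -y nginx\n").decode(),
    },
    {
        "InstanceId": "i-0cccc0000000ccccc",
        "MetadataOptions": {"HttpEndpoint": "disabled", "HttpTokens": "optional"},
        "UserData": "",
    },
]

# Assumed heuristics for credentials in a startup script (not exhaustive).
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "secret_assignment": re.compile(r"(?i)\b\w*(secret|password|passwd|token)\w*\s*[=:]\s*\S+"),
}


def imds_without_session_token(instances):
    """Instance ids whose metadata endpoint is reachable without requiring a session token.

    Such instances will hand temporary credentials to any local process (or SSRF-reachable
    request) that asks; requiring a token is the hardening the finding points at.
    """
    findings = []
    for inst in instances:
        opts = inst.get("MetadataOptions", {})
        if opts.get("HttpEndpoint") == "enabled" and opts.get("HttpTokens") != "required":
            findings.append(inst["InstanceId"])
    return findings


def user_data_secrets(instances):
    """(instance id, pattern name) pairs for startup scripts that appear to carry credentials."""
    findings = []
    for inst in instances:
        raw = inst.get("UserData") or ""
        if not raw:
            continue
        script = base64.b64decode(raw).decode("utf-8", errors="replace")
        for name, pattern in SECRET_PATTERNS.items():
            if pattern.search(script):
                findings.append((inst["InstanceId"], name))
    return findings


if __name__ == "__main__":
    print("metadata service reachable without token:", imds_without_session_token(SAMPLE_INSTANCES))
    print("secrets in user data:", user_data_secrets(SAMPLE_INSTANCES))
```

The first instance fails both checks, the second passes both, and the third has its metadata endpoint disabled entirely so the token setting is moot. Note that user data is readable from inside the instance through the same metadata service, which is why a secret placed there is exposed to exactly the attacker the slide describes.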
Researching Attack Vectors and Performing Attacks on Cloud Technologies
Attacks Against Misconfigured Cloud Assets
• Attackers can leverage misconfigured cloud assets in a number of ways:
• Identity and Access Management (IAM) implementations - If an attacker is able to manipulate a
cloud-based IAM solution in an IaaS or PaaS environment, it could be catastrophic for the cloud
consumer.
• Federation Misconfigurations - Federated authentication (or federated identity) is a method of
associating a user’s identity across different identity management systems. Often application
developers misconfigure the implementation of the underlying protocols used in a federated
identity environment (such as SAML, OAuth, and OpenID).
• Object Storage - Insecure permission configurations for cloud object storage services, such as
Amazon’s AWS S3 buckets, are often the cause of data breaches.
• Containerization Technologies - Attacks against container-based deployments (such as Docker,
Rocket, LXC, and containerd) have led to massive data breaches. Often attackers use stolen
credentials or known vulnerabilities to compromise cloud-based applications.

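The object storage point above, the insecure permission configuration beside a corrected one, as a policy check. This is an added example, not code from the Cisco course: the three bucket policies are constructed (the bucket name, account id and VPC endpoint id are placeholders), and the audit flags Allow statements whose principal is the wildcard, distinguishing a fully public statement from one that is at least gated by a Condition.

```python
"""Flag S3 bucket policy statements that grant access to everyone (added example)."""
import json

# Constructed policies (placeholder bucket, account and endpoint ids). The first is the
# weak setting: anyone on the internet can read every object. The second restricts access
# to one IAM role. The third keeps the wildcard principal but gates it on a VPC endpoint.
PUBLIC_READ_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*",
    }],
})

RESTRICTED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AppRoleRead",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:role/app-role"},
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
    }],
})

VPC_ONLY_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VpcOnlyRead",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-bucket/*",
            "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-PLACEHOLDER"}},
        },
        {
            # A Deny with a wildcard principal is a restriction, not an exposure; it is skipped.
            "Sid": "DenyInsecureTransport",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::example-bucket/*",
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
    ],
})


def _is_wildcard_principal(principal):
    """True for the forms that mean 'everyone': "*", {"AWS": "*"} or a list containing "*"."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def audit_bucket_policy(policy_json):
    """Return (Sid, severity) for each Allow statement open to any principal.

    'public' means no Condition limits the grant; 'conditional-public' means a Condition
    exists and should be reviewed by hand, since conditions can be written too loosely.
    """
    policy = json.loads(policy_json)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):   # a single statement may appear without a list
        statements = [statements]
    findings = []
    for index, statement in enumerate(statements):
        if statement.get("Effect") != "Allow":
            continue
        if not _is_wildcard_principal(statement.get("Principal")):
            continue
        sid = statement.get("Sid", f"statement-{index}")
        severity = "conditional-public" if statement.get("Condition") else "public"
        findings.append((sid, severity))
    return findings


if __name__ == "__main__":
    for name, policy in [("public", PUBLIC_READ_POLICY), ("restricted", RESTRICTED_POLICY),
                         ("vpc-only", VPC_ONLY_POLICY)]:
        print(name, "->", audit_bucket_policy(policy))
```

Bucket policies are only one of several ways an S3 bucket can become public (legacy ACLs and the account-level public access block settings also matter), so a check like this belongs alongside those settings rather than replacing them.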
Researching Attack Vectors and Performing Attacks on Cloud Technologies
Resource Exhaustion and DoS Attacks
• One of the benefits of leveraging cloud services is the distributed and resilient architecture that most
leading cloud providers offer.
• This architecture helps minimize the impact of a DoS or distributed denial-of-service (DDoS) attack
compared to what it would be if you were hosting your application on premises in your data center.

Researching Attack Vectors and Performing Attacks on Cloud Technologies
Resource Exhaustion and DoS Attacks (Cont.)
• Attackers can launch more strategic DoS attacks against applications hosted in the cloud that could
lead to resource exhaustion.

• Another example of a DoS attack that can affect cloud environments is the direct-to-origin (D2O)
attack.

• In a D2O attack, threat actors are able to reveal the origin network or IP address behind a content
delivery network (CDN) or large proxy placed in front of web services in a cloud provider.

• A D2O attack could allow attackers to bypass different anti-DDoS mitigations.

Researching Attack Vectors and Performing Attacks on Cloud Technologies
Cloud Malware Injection Attacks
• Cloud deployments are susceptible to malware injection attacks.

• In a cloud malware injection attack, the attacker creates a malicious application and injects it into a
SaaS, PaaS, or IaaS environment.

• Once the malware injection is completed, the malware is executed as one of the valid instances
running in the cloud infrastructure.

• Subsequently, the attacker can leverage this foothold to launch additional attacks, such as covert
channels, backdoors, eavesdropping, data manipulation, and data theft.

Researching Attack Vectors and Performing Attacks on Cloud Technologies
Side-Channel Attacks
• Side-channel attacks are often based on information gained from the implementation of the
underlying computer system (or cloud environment) instead of a specific weakness in the
implemented technology or algorithm.

• The attacker aims to gather information from or influence an application or a system by measuring or
exploiting indirect effects of the system or its hardware.

• Most side-channel attacks are used to exfiltrate credentials, cryptographic keys, and other sensitive
information by measuring coincidental hardware emissions.

• Side-channel attacks can be used against VMs and in cloud computing environments where a
compromised system controlled by the attacker and target share the same physical hardware.

Researching Attack Vectors and Performing Attacks on Cloud Technologies
Tools and Software Development Kits (SDKs)
• Swagger and OpenAPI Specification documents can help you greatly when you are assessing API
implementations.

• Software development kits (SDKs) and cloud development kits (CDKs) can provide great insights
about cloud-hosted applications, as well as the underlying infrastructure.

• An SDK is a collection of tools and resources to help with the creation of applications (on premises or
in the cloud).

• CDKs, on the other hand, help software developers and cloud consumers deploy applications in the
cloud and use the resources that the cloud provider offers.

7.2 Explaining Common
Attacks and Vulnerabilities
Against Specialized Systems

Explaining Common Attacks and Vulnerabilities Against Specialized Systems
Overview

• In this section, you will learn about a variety of attacks against mobile devices, Internet of Things
(IoT) devices, data storage system vulnerabilities, vulnerabilities affecting VMs, and containerized
applications and workloads.

Explaining Common Attacks and Vulnerabilities Against Specialized Systems
Attacking Mobile Devices

• Attackers use various techniques to compromise mobile devices:

• Reverse Engineering - The process of analyzing the compiled mobile app to extract
information about its source code could be used to understand the underlying architecture of
a mobile application and potentially manipulate the mobile device.
• Sandbox Analysis - iOS and Android apps are isolated from each other via sandbox
environments. Sandboxes in mobile devices are a mandatory access control mechanism
describing the resources that a mobile app can and can’t access. An attacker could perform
detailed analysis of the sandbox implementation in a mobile device to potentially bypass the
access control mechanisms.
• Spamming – SMS attacks continue to be some of the most common attacks against mobile
users. In such an attack, a user may be presented with links that could redirect to malicious
sites to steal sensitive information or install malware.

Explaining Common Attacks and Vulnerabilities Against Specialized Systems
Attacking Mobile Devices (Cont.)
• The following are some of the most prevalent vulnerabilities affecting mobile devices:
• Insecure storage - Mobile app developers often do not use the platform’s secure storage APIs
correctly, and an attacker could leverage the resulting vulnerabilities.
• Passcode vulnerabilities and biometrics integrations - Vulnerabilities in these integrations
could lead to sensitive data exposure and full compromise of the mobile device.
• Certificate pinning - The idea is to force the mobile app to store the server certificate or
public key and subsequently establish connections only to the trusted/known server (referred
to as “pinning” the server). The goal of certificate pinning is to reduce the attack surface by
removing the trust in external CAs.
• Using known vulnerable components - Attackers may leverage known vulnerabilities against
the underlying mobile operating system, or dependency vulnerabilities (that is, vulnerabilities
in dependencies of a mobile application).
• Execution of activities using root and over-reach of permissions - Application developers
must practice the least privilege concept.
• Business logic vulnerabilities - An attacker can use legitimate transactions and flows of an
application in a way that results in a negative behavior or outcome.
Explaining Common Attacks and Vulnerabilities Against Specialized Systems
Attacking Mobile Devices (Cont.)
• These are some of the tools most commonly used to perform security research and test the
security posture of mobile devices:
• Burp Suite
• Drozer
• needle
• Mobile Security Framework (MobSF)
• Postman
• Ettercap
• Frida
• Objection
• Android SDK tools
• ApkX
• APK Studio

Explaining Common Attacks and Vulnerabilities Against Specialized Systems
Attacking Internet of Things (IoT) Devices
• IoT is an incredibly broad term that can be applied across personal devices, industrial control systems (ICS),
transportation, and many other businesses and industries.

• Managing and orchestrating IoT systems introduces additional complexity due to disparate hardware and
software, the use of legacy technologies, and, often, multiple vendors and integrators.

• IoT platforms must integrate a wide range of IoT edge devices with varying device constraints and must be
integrated to back-end business applications.

• IoT environments span a range of components that include sensors, gateways, network connectivity,
applications, and cloud infrastructure.

• The unfortunate reality is that most IoT security efforts today focus on only a few elements of the entire
system. A secure IoT platform should provide the complete end-to-end infrastructure to build an IoT solution,
including the software, management, and security to effectively collect, transform, transport, and deliver data
to provide business value.

Explaining Common Attacks and Vulnerabilities Against Specialized Systems
Analyzing IoT Protocols
Some of the most common network protocols for IoT implementations include the following:

• Wi-Fi
• Bluetooth and Bluetooth Low Energy (BLE)
• Zigbee
• Z-Wave
• LoRaWAN
• Insteon
• Modbus
• Siemens S7comm (S7 Communication)

Explaining Common Attacks and Vulnerabilities Against Specialized Systems
Analyzing IoT Protocols (Cont.)
• Bluetooth Low Energy (BLE) is used by IoT home devices, medical, industrial, and government
equipment.
• You can analyze protocols such as BLE by using specialized antennas and equipment such as the
Ubertooth One. BLE involves a three-phase process to establish a connection:
Phase 1. Pairing feature exchange
Phase 2. Short-term key generation
Phase 3. Transport-specific key distribution

• BLE implements a number of cryptographic functions.
• It supports AES for encryption and key distribution exchange to share different keys among the BLE-
enabled devices.
• However, many devices that support BLE do not even implement the BLE-layer encryption.
• In addition, mobile apps cannot control the pairing, which is done at the operating system level.
• Attackers can scan BLE devices or listen to BLE advertisements and leverage these
misconfigurations.
• Then they can advertise clone/fake BLE devices and perform on-path (formerly known as man-in-
the-middle) attacks.
Explaining Common Attacks and Vulnerabilities Against Specialized Systems
IoT Security Special Considerations
• These are a few special considerations to keep in mind when trying to secure IoT implementations:

• Fragile Environment - Many IoT devices (including sensors and gateways) have limited compute
resources. Because of this lack of resources, some security features, including encryption, may not
even be supported in IoT devices.

• Availability Concerns - DoS attacks against IoT systems are a major concern.

• Data Corruption - IoT protocols are often susceptible to input validation vulnerabilities, as well as
data corruption issues.

• Data Exfiltration - IoT devices could be manipulated by an attacker and used for sensitive data
exfiltration.

Explaining Common Attacks and Vulnerabilities Against Specialized Systems
Common IoT Vulnerabilities
• These are some of the most common security vulnerabilities affecting IoT implementations:

• Insecure defaults - Default credentials and insecure default configurations are often concerns with
IoT devices. You will find hundreds of IoT devices with default credentials and insecure
configurations exposed on the Internet.

• Plaintext communication and data leakage - Even if encryption is supported, many IoT devices fail to
implement encrypted communications, and an attacker could easily steal sensitive information.

• Hard-coded configurations - Often IoT vendors sell their products with hard-coded insecure
configurations or credentials.

• Outdated firmware/hardware and the use of insecure or outdated components - Many organizations
continue to run outdated software and hardware in their IoT devices. In some cases, some of these
devices are never updated!

Explaining Common Attacks and Vulnerabilities Against Specialized Systems
Data Storage System Vulnerabilities
• IoT architectures extend from IoT endpoint devices (things) to intermediary “fog” networks and cloud
computing.
• Gateways and edge nodes are devices such as switches, routers, and computing platforms that act as
intermediaries (“the fog layer”) between the endpoints and the higher layers of the IoT system.
• The high-level layers of the IoT architectural hierarchy are shown in Figure 7-4.

Figure 7-4 - IoT Architecture Layers
Explaining Common Attacks and Vulnerabilities Against Specialized Systems
Data Storage System Vulnerabilities (Cont.)
• The following are some of the most common misconfigurations of IoT devices and cloud-based solutions:

• Default/blank username/password – Hardcoded or default credentials are often left in place by
administrators and in some cases by software developers, exposing devices or the cloud
environment to different attacks.

• Network exposure – Many IoT, ICS, and SCADA systems should never be exposed to the Internet.

• Lack of user input sanitization - Input validation vulnerabilities in protocols such as Modbus, S7
Communication, DNP3, and Zigbee could lead to DoS and code execution.

• Underlying software vulnerabilities and injection vulnerabilities – Attackers can inject malicious SQL
statements after “escaping input” by using the single quote method. IoT systems can be susceptible
to similar vulnerabilities.

• Error messages and debug handling - Many IoT systems include details in error messages and
debugging output that can allow an attacker to obtain sensitive information from the system and
underlying network.
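The lack of input sanitization point above names Modbus first, and the classic defect in Modbus/TCP handlers is trusting the header's length field instead of checking it against the bytes actually received. The following is an added example, not code from the Cisco course, of a request parser written the defensive way: it validates the MBAP header and the Read Holding Registers parameters before interpreting anything, and the frames it is run on are constructed, not captured traffic.

```python
"""Defensive Modbus/TCP request parser with length and range validation (added example)."""
import struct

MBAP_LEN = 7                  # transaction id (2) + protocol id (2) + length (2) + unit id (1)
MAX_ADU = 260                 # Modbus/TCP maximum ADU: 7-byte MBAP + 253-byte PDU
READ_HOLDING_REGISTERS = 0x03
MAX_REGISTERS_PER_READ = 125  # limit from the Modbus application protocol specification


def parse_modbus_tcp(frame: bytes) -> dict:
    """Parse a Modbus/TCP ADU, rejecting anything inconsistent instead of trusting the header."""
    if len(frame) < MBAP_LEN + 1:
        raise ValueError("frame shorter than MBAP header plus function code")
    if len(frame) > MAX_ADU:
        raise ValueError("frame exceeds maximum Modbus/TCP ADU size")
    transaction_id, protocol_id, length, unit_id = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if protocol_id != 0:
        raise ValueError(f"unexpected protocol id {protocol_id}")
    # The length field counts unit id + PDU. Indexing the buffer with this value instead of
    # checking it is where the input validation bugs mentioned above typically live.
    if length != len(frame) - 6:
        raise ValueError(f"length field {length} does not match {len(frame) - 6} bytes present")
    function = frame[MBAP_LEN]
    pdu = frame[MBAP_LEN + 1:]
    result = {"transaction_id": transaction_id, "unit_id": unit_id, "function": function}
    if function == READ_HOLDING_REGISTERS:
        if len(pdu) != 4:
            raise ValueError("read holding registers request needs exactly 4 data bytes")
        start, quantity = struct.unpack(">HH", pdu)
        if not 1 <= quantity <= MAX_REGISTERS_PER_READ:
            raise ValueError(f"quantity {quantity} outside 1..{MAX_REGISTERS_PER_READ}")
        if start + quantity > 0x10000:
            raise ValueError("register range wraps past the 16-bit address space")
        result.update(start_address=start, quantity=quantity)
    else:
        result["data"] = pdu  # functions not modelled here are returned raw, not interpreted
    return result


def check_frame(frame: bytes):
    """Return None when the frame parses, otherwise the reason it was rejected."""
    try:
        parse_modbus_tcp(frame)
    except ValueError as exc:
        return str(exc)
    return None


# Constructed frames (not captured traffic): one valid Read Holding Registers request and
# three malformed variants an internet-exposed device might receive.
VALID_REQUEST = bytes.fromhex("00010000000601030000000a")      # unit 1, 10 registers from 0
OVERSTATED_LENGTH = bytes.fromhex("0001000000ff01030000000a")  # length says 255, 6 present
WRONG_PROTOCOL = bytes.fromhex("00010001000601030000000a")     # protocol id 1 instead of 0
OVERSIZED_READ = bytes.fromhex("0001000000060103000007d1")     # 2001 registers requested

if __name__ == "__main__":
    print(parse_modbus_tcp(VALID_REQUEST))
    for name, frame in [("overstated length", OVERSTATED_LENGTH),
                        ("wrong protocol", WRONG_PROTOCOL),
                        ("oversized read", OVERSIZED_READ)]:
        print(name, "->", check_frame(frame))
```

The same shape applies to the other protocols named above: decide the maximum message size up front, check every length and count field against what was actually received, and bound every address or register range before it reaches the code that acts on it.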
Explaining Common Attacks and Vulnerabilities Against Specialized Systems
Management Interface Vulnerabilities
• The Intelligent Platform Management Interface (IPMI) is a collection of compute interface specifications
(often used by IoT systems) designed to offer management and monitoring capabilities independently of
the host system’s CPU, firmware, and operating system.

• System administrators can use IPMI to enable out-of-band management of computer systems (including
IoT systems) and to monitor their operation.

• An IPMI subsystem includes a main controller, called a baseboard management controller (BMC), and
other management controllers, called satellite controllers.

• The satellite controllers within the same physical device connect to the BMC via the system interface
called Intelligent Platform Management Bus/Bridge (IPMB).

• The BMC, which has direct access to the system’s motherboard and other hardware, may be leveraged to
compromise the system.

• If you compromise the BMC, it will provide you with the ability to monitor, reboot, and even potentially
install implants (or any other software) in the system.
Explaining Common Attacks and Vulnerabilities Against Specialized Systems
Exploiting Virtual Machines

• A VM is supposed to be a completely isolated system. One VM should not have access to resources and
data from another VM unless that is strictly allowed and configured.

• The hypervisor is the entity that controls and manages the VMs. There are two types of hypervisors:
• Type 1 hypervisors (also known as native or bare-metal hypervisors) run directly on the physical
(bare-metal) system. Type 2, or hosted, hypervisors run on top of other operating systems. These
virtual systems have been susceptible to many vulnerabilities, including the following:
• VM escape vulnerabilities: These vulnerabilities allow an attacker to “escape” the VM and obtain
access to other virtual machines on the system or access to the hypervisor.
• Hypervisor vulnerabilities such as hyperjacking: Hyperjacking is a vulnerability that could allow an
attacker to control the hypervisor. Hyperjacking attacks often require the installation of a malicious
(or “fake”) hypervisor that can manage the entire virtual environment.
• VM repository vulnerabilities: Attackers can leverage these vulnerabilities to compromise many
systems and applications. There are many public and private VM repositories that users can
leverage to deploy VMs. Attackers have found ways to upload fake or impersonated VMs with
malicious software and backdoors.
Explaining Common Attacks and Vulnerabilities Against Specialized Systems
Vulnerabilities Related to Containerized Workloads
• Computing has evolved from traditional physical (bare-metal) servers to VMs, containers, and serverless
architectures.

Figure 7-7 - The Evolution of Computing

Explaining Common Attacks and Vulnerabilities Against Specialized Systems
Vulnerabilities Related to Containerized Workloads (Cont.)
• Vulnerabilities in applications and in open-source software running in containers such as Docker, Rocket,
and containerd are often overlooked by developers and IT staff. Attackers may take advantage of these
vulnerabilities to compromise applications and data.
• Three key security best practices that organizations should use to create a secure container image:

Figure 7-8 - Securing Container Images

Explaining Common Attacks and Vulnerabilities Against Specialized Systems
Vulnerabilities Related to Containerized Workloads (Cont.)

• Many tools allow you to scan Docker images for vulnerabilities and assess Kubernetes deployments. The
following are a few examples of these tools:

• Anchore’s Grype - Grype is an open-source container vulnerability scanner.
• Clair - Another open-source container vulnerability scanner.
• Dagda - This set of open-source static analysis tools can help detect vulnerabilities, Trojans,
backdoors, and malware in Docker images and containers.
• kube-bench - This open-source tool performs a security assessment of Kubernetes clusters based
on the CIS Kubernetes Benchmark.
• kube-hunter - This open-source tool is designed to check the security posture of Kubernetes
clusters.
• Falco - A threat detection engine for Kubernetes.

• Another strategy that threat actors have used for years is to insert malicious code into Docker images on
Docker Hub.
7.3 Summary

Summary
What Did I Learn in this Module?
• The cloud presents a network without a perimeter: there is no border between a traditional internal
network and external users, as there is when resources are housed on-site.
• This lack of perimeter increases reliance on access control, cloud configuration, and network
architecture for security.
• Mobile and IoT devices often communicate with applications hosted in the cloud. All these
technologies and architectures increase the attack surface and introduce a variety of cybersecurity
risks.
• Cloud computing security includes many of the same functionalities as traditional IT security,
including protecting critical information from theft, data exfiltration, and deletion, as well as privacy.
• Cloud computing can be broken into the following three basic models:
• Infrastructure as a Service (IaaS)
• Platform as a Service (PaaS)
• Software as a Service (SaaS)

Summary
What Did I Learn in this Module? (Cont.)
• Credential harvesting (or password harvesting) is the act of gathering and stealing valid usernames,
passwords, tokens, PINs, and any other types of credentials through infrastructure breaches.
• Privilege escalation is the act of exploiting a bug or design flaw in a software or firmware application to gain
access to resources that normally would have been protected from an application or a user.
• In an account takeover, the threat actor gains access to a user or application account and uses it to then
gain access to more accounts and information.
• When an application requires access to specific assets, it can query the metadata service to get a set of
temporary access credentials. This temporary set of credentials can then be used to access services such
as AWS Simple Cloud Storage (S3) buckets and other resources.
• Attackers can leverage misconfigured cloud assets.
• Attackers can launch strategic DoS attacks against applications hosted in the cloud that could lead to
resource exhaustion.
• In a cloud malware injection attack, the attacker creates a malicious application and injects it into a SaaS,
PaaS, or IaaS environment.
• Side-channel attacks are often based on information gained from the implementation of the underlying
computer system (or cloud environment) instead of a specific weakness in the implemented technology or
algorithm.
Summary
What Did I Learn in this Module? (Cont.)

• Attackers use various techniques to compromise mobile devices.
• A secure IoT platform should provide the complete end-to-end infrastructure to build an IoT solution,
including the software, management, and security to effectively collect, transform, transport, and deliver
data to provide business value.
• In the IoT world, you will frequently encounter custom, proprietary, or new network protocols.
• There are special considerations to keep in mind when trying to secure IoT implementations.
• There are many security vulnerabilities affecting IoT implementations.
• Misconfigurations in IoT on-premises and cloud-based solutions can lead to data theft.
• IoT implementations have suffered from many management interface vulnerabilities.
• Virtual machines have been susceptible to many vulnerabilities.
• Vulnerabilities in applications and in open-source software running in containers are often overlooked
by developers and IT staff. Attackers may take advantage of these vulnerabilities to compromise
applications and data.
• A number of tools allow you to scan Docker images for vulnerabilities and assess Kubernetes
deployments.

Summary
Reflection Questions

• New technologies can improve our lives, but this comes at a cost. The internet of things (IoT) connects
to the internet many devices that can lower costs and improve efficiency. These devices are small and
often have limited processing capability. However, they can host server software and command line
utilities. What is the impact of connecting hundreds of thousands of IoT devices to the internet?

• Technologies such as the cloud, virtual machines, and containerized services add flexibility and power
to software deployments. However, so much flexibility can cause problems. Why does widespread
adoption of cloud services present challenges for security experts?

• What is the responsibility of ethical hackers as regards IoT, cloud, and containerized services?

