4.1 Device Vulnerabilities and Attacks

Computing devices are integral to modern life and come in many forms, each with its own purpose and potential vulnerabilities. These include server computers that provide services to other devices; personal computers like desktops and laptops used for individual work; handheld computers such as smartphones and tablets; and embedded computers, which are specialized systems within larger machines. Devices with embedded computers are often referred to as Internet of Things (IoT) devices and are found in everything from cars and medical equipment to household appliances.

These devices are primary targets for malware, which is any software designed to harm, disrupt, or grant an adversary unauthorized access. There are many types of malware, each behaving differently:

  • Viruses: Malicious code that attaches to a legitimate file and requires user interaction, like opening the file, to activate and spread.
  • Worms: Self-replicating malware that can spread from one computer to another across a network without any human interaction.
  • Trojans: Malware disguised as legitimate software. A Remote Access Trojan (RAT) is a specific type that gives an adversary remote control over the infected device.
  • Ransomware: Encrypts the files on a device, making them inaccessible to the user. The adversary then demands a ransom payment in exchange for the decryption key.
  • Spyware: Secretly monitors a user's activity on a device and sends that information back to an adversary. A keylogger is a form of spyware that records every keystroke a user makes.
  • Logic Bombs: Malicious code that is programmed to execute only when a specific set of conditions is met, such as on a particular date or after a certain event.
  • Rootkits: Highly sophisticated malware that embeds itself deep within a device's operating system, allowing it to gain high-level privileges and hide its presence from detection.
  • Fileless Malware: A type of malicious code that exists only in a computer's RAM (Random Access Memory) and leverages legitimate, built-in system tools to carry out its attack, making it very difficult to detect with traditional file-based scanning.

Adversaries exploit common device vulnerabilities to deploy this malware or to cause other forms of damage. Devices with unpatched software or operating systems are vulnerable to known exploits. Weak authentication, such as easy-to-guess passwords, provides a simple entry point. Physical access can also lead to compromise; if a device's BIOS or UEFI is not password-protected, an adversary can boot it from an external drive to bypass security controls. Similarly, if autorun for external media is enabled, simply inserting a malicious USB drive can execute malware. Open network ports, misconfigured firewalls, and the absence of anti-malware software all create opportunities for adversaries.

The risk from these vulnerabilities varies depending on the device's function and the data it stores. A high risk might involve an unpatched email server that handles sensitive company communications. A moderate risk could be an industrial control system that uses only a simple password for remote access without requiring multi-factor authentication. A low risk might be an employee's laptop with an unnecessary but non-critical port left open. A thorough risk assessment is necessary to identify and prioritize these vulnerabilities for mitigation.
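To make the two preceding paragraphs concrete, here is an added example (not from the original course page) of a small audit script. It checks a device record for the weaknesses listed above (unpatched software, weak or MFA-less authentication, an unprotected BIOS/UEFI, autorun for external media, open ports, a firewall that is not default-deny, and missing anti-malware) and then rates the risk according to the device's function, reproducing the three scenarios in the text. The `Device` record, the port list, the role names, and the rating rule are all assumptions constructed for this illustration, not a standard.

```python
"""Device vulnerability audit with role-based risk rating.

Added example, not part of the original page. All device records, port
lists and role names below are constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Ports that a general-purpose device should not leave listening
# (constructed list; adjust to the organisation's own baseline).
RISKY_PORTS = {21, 23, 135, 139, 445, 3389}

# Roles that handle sensitive data or control physical processes
# (constructed role names).
SENSITIVE_ROLES = {"email-server", "industrial-control", "database"}

# Weaknesses that by themselves give an adversary code execution or
# unrestricted network reach (assumption used by the rating rule).
SEVERE = {"unpatched", "firewall-open", "no-antimalware"}

RISK_ORDER = {"high": 0, "moderate": 1, "low": 2, "none": 3}


@dataclass
class Device:
    name: str
    role: str
    patched: bool
    password_min_length: int
    mfa_enabled: bool
    bios_password_set: bool
    autorun_enabled: bool
    open_ports: set[int] = field(default_factory=set)
    firewall_default_deny: bool = True
    antimalware_installed: bool = True
    remote_access: bool = False


def find_weaknesses(d: Device) -> list[str]:
    """Return short codes for each vulnerability from the text that applies."""
    found = []
    if not d.patched:
        found.append("unpatched")
    if d.password_min_length < 12:          # easy-to-guess password policy
        found.append("weak-password")
    if d.remote_access and not d.mfa_enabled:
        found.append("remote-no-mfa")
    if not d.bios_password_set:             # bootable from external drive
        found.append("bios-unprotected")
    if d.autorun_enabled:                   # malicious USB runs on insert
        found.append("autorun-enabled")
    if d.open_ports & RISKY_PORTS:
        found.append("open-ports")
    if not d.firewall_default_deny:
        found.append("firewall-open")
    if not d.antimalware_installed:
        found.append("no-antimalware")
    return found


def rate_risk(d: Device) -> str:
    """Rate risk from the weaknesses found and the device's function.

    A severe weakness on a sensitive device is high; any weakness on a
    sensitive device, or a severe one elsewhere, is moderate; anything
    else is low.
    """
    weak = set(find_weaknesses(d))
    sensitive = d.role in SENSITIVE_ROLES
    if sensitive and weak & SEVERE:
        return "high"
    if weak and (sensitive or weak & SEVERE):
        return "moderate"
    if weak:
        return "low"
    return "none"


def prioritize(devices: list[Device]) -> list[tuple[str, str, list[str]]]:
    """Order devices for mitigation, highest risk first (stable within a tier)."""
    rows = [(d.name, rate_risk(d), find_weaknesses(d)) for d in devices]
    return sorted(rows, key=lambda r: RISK_ORDER[r[1]])


# Constructed sample inventory mirroring the three scenarios in the text.
SAMPLE_DEVICES = [
    Device("mail-01", "email-server", patched=False, password_min_length=14,
           mfa_enabled=True, bios_password_set=True, autorun_enabled=False,
           open_ports={25, 443}),
    Device("plc-gateway", "industrial-control", patched=True,
           password_min_length=6, mfa_enabled=False, bios_password_set=True,
           autorun_enabled=False, open_ports={502}, remote_access=True),
    Device("laptop-jdoe", "laptop", patched=True, password_min_length=14,
           mfa_enabled=True, bios_password_set=True, autorun_enabled=False,
           open_ports={445}),
]

if __name__ == "__main__":
    for name, risk, weaknesses in prioritize(SAMPLE_DEVICES):
        print(f"{risk:<9} {name:<12} {', '.join(weaknesses) or '-'}")
```

The rating rule is deliberately simple so that the mapping from the text's three scenarios to an output is visible: the unpatched mail server rates high, the control system with password-only remote access rates moderate, and the laptop with one stray port rates low. In a real assessment the weights would come from the organisation's own asset classification rather than from a fixed set.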