Application Security

An overview of threat modeling in IoT environments

IoT (Internet of Things) devices are increasingly present in our daily lives, from smartwatches to industrial control systems. However, as the number of internet-connected devices increases, so do the cybersecurity risks.

This is the first of a series of three articles that will address security topics related to IoT. This first article aims to provide a brief introduction to the subject, discussing the most common vulnerabilities as well as providing a practical view on how to perform a threat modeling in an IoT environment example.

The main difficulty in implementing security in IoT devices is the lack of attention to security during the design and development of connected devices. Many IoT devices are designed with a focus on functionality and convenience, neglecting security issues. Additionally, most of these devices have limited resources, such as processing power and memory, making this implementation even more complex.

Common vulnerabilities in IoT networks

To assess and mitigate risks involved in the development of an IoT device, it is necessary to know a little about the main vulnerabilities associated with this type of environment.

According to OWASP IoT Top 10, among the most common risks in IoT devices are:

  1. Weak Guessable, or Hard-coded Passwords
  2. Insecure Network Services
  3. Insecure Ecosystem Interfaces
  4. Lack of Secure Update Mechanism
  5. Use of Insecure or Outdated Components
  6. Insufficient Privacy Protection
  7. Insecure Data Transfer and Storage
  8. Lack of Device Management
  9. Insecure Default Settings
  10. Lack of Physical Hardening

These vulnerabilities can be exploited by malicious actors to access confidential information, remotely control devices, or even cause physical harm, posing a real cybersecurity threat to its users. 

To mitigate these attacks, it is important to implement security measures, such as strong authentication, data encryption, frequent software updates, and continuous network monitoring.

Threat Modeling in IoT

An effective way to mitigate the risks presented is by conducting a threat modeling early in the project.

In this article, we will focus on threat modeling specifically for IoT. To learn more about the topic of threat modeling in a general context, it is possible to read several related articles on our blog.

Threat modeling in an IoT system can be done by following these steps:

Asset Identification: Determine all important assets in the IoT system, including devices, sensors, networks, data, and servers.

Risk Analysis: Evaluate the potential impact of each threat to the identified assets and classify them based on their severity.

Threat Identification: Identify all potential threats to the system, including internal and external threats, such as denial of service attacks, privacy invasion, and/or data theft.

Threat Modeling: Draw a visual model of the threats, including the assets, vulnerabilities, and attack vectors. This will allow for a clear and easily understandable visualization of the system and help identify weak points and critical vulnerabilities.

A practical example

We will use as an example an IoT system that monitors temperature in a food storage facility, which may seem like a simple thermometer at first glance, but in most cases, this system is much more complex, including features such as communication with cloud servers, exchanging information with mobile devices through the Bluetooth network, and using protocols such as MQTT and/or CoAP.

Considering this environment, the threat model could be created as follows:


  • Temperature monitoring devices
  • Wireless network
  • Data storage server
  • Mobile devices

Risk analysis: 

  • The threat of a temperature monitoring failure may result in food loss and financial impact
  • The threat of network intrusion may result in theft of sensitive data

Threat identification: 

  • Hardware failure (fault injection attacks and/or side channel attacks)
  • Signal interference possibility (jamming)
  • Man-In-The-Middle attacks
  • Injection of commands into the database

Threat modeling: 

The model should include all the assets in your architecture, from temperature monitoring devices connected to the wireless network, which transmit data to a data storage server to the means of communication. Thus, the architecture diagram would look as follows:

With this approach, it is possible to determine the threats according to each component, for example:

1 – IoT device (thermometer)

  • Fault Injection
  • Side Channel

2 – MQTT

  • Unauthorized access
  • Possibility of Man-In-The-Middle attacks

3 – Cloud storage

  • Information exposed on the internet

4 – Mobile application

  • Possibility of reverse engineering

5 – Bluetooth

  • Jamming
  • Bluetooth spoofing

Having done this, threats should now be classified and their criticalities determined. Methodologies such as STRIDE and DREAD can be used at this stage.

Risk mitigation: Based on the threat model, identify the measures that can be taken to mitigate the identified risks, such as data encryption in transit and at rest, implementation of anti-tampering mechanisms, development of strong authentication, regular software updates, and continuous security monitoring.

Testing and validation: Testing the implemented mitigations to ensure they are working correctly and protecting against identified threats. At this point, we recommend consulting the OWASP ISVS project, which consists of a series of security requirements to be tested in IoT environments and thus minimize the attack surface as much as possible.

Continuous update: Threat modeling is not a definitive solution and should be regularly reviewed to ensure that it is up to date with new threats and vulnerabilities.

In this case, like all systems, security in IoT systems is a complex and constantly evolving subject, so it is important to implement solid security measures and update them regularly to ensure protection against threats.

Conclusion on Threat Modeling in IoT Environment

Threat modeling in IoT devices can be used as an important and effective technique to ensure the security of data and connected devices. By correctly implementing security measures from the beginning of their development, the privacy and security of these devices can be guaranteed, allowing these devices to continue to facilitate our lives and transform the way we connect with the world around us.

The bibliographic references include recent studies and research on security in IoT devices.

Some examples include the study “A Survey on IoT Security: Threats, Challenges, and Solutions” de M. Hossain et al. (2017) and the article “IoT Security: A Review of Existing Protocols and Future Directions” de A. Alrabeiah e S. Alshammari (2019), Hands-on Internet of Things Hacking – Payatu. 

These studies present a comprehensive view of the threats to IoT devices and offer solutions and directions to ensure the security of these devices.


Daniel Guedes – Information Security Analyst
Wendel Freitas – Analista de segurança Pl
Matheus Cezar – Cyber Security Analyst
Rafael Santos – Analista de Segurança

Nova call to action
About author


A team of professionals, highly connected on news, techniques and information about application security
Related posts
Application Security

Finding classes for exploiting Unsafe Reflection / Unchecked Class Instantiation vulnerabilities in Java with Joern

During a pentest engagement we found a Java application vulnerable to unsafe reflection [1]. This…
Read more
Application Security

Mitigating Vulnerabilities: Elevating Security Proficiency in Software Development

In the ever-evolving digital landscape, the significance of software security cannot be overstated.
Read more
Application Security

The Importance of Supply Chain to Application Security

When we think about software development, we usually think about complex technical concepts…
Read more

Deixe um comentário