Software Cybersecurity Risks on Embedded Devices/IoT
MITRE has applied its ATT&CK model to enterprise networks, mobile devices and critical infrastructure. However, one area is still weak in terms of the formal classification of threads: embedded devices. For this, they have released the EMB3D threat map, and which integrates the ATT&CK framework and CVE (Common Vulnerabilities) and CWE (Common Weakness Enumeration) data sources [here]:
In this, we split the threats into the classifications of application software, system software, hardware and networking [here]:
There are then 24 software risks:
This can be illustrated with: