205
Entity. Attacker alters sensor
device so that monitoring of
a Physical Entity fails.actuator.Loss or theft of device
containing private
informationIntermediary
devicesCompromised intermediary devices alter traversing
data.Intermediary devices
behave maliciously and
clients are not able to report
the fact.Information re-routing by
intermediary device so that
it ends up at an unintended
destination.Assisting intermediary
devices are no longer
usable.Backend ServicesUsurpation of administrator role. Massive disclosure of collected data. Backend service is made unavailable.Backend account hacked.InfrastructureServicesAttacker impersonates
infrastructure services and
compromises IoT
functionalities and/or other
dependent infrastructure
services.Attacker poisons
infrastructure databases
and/or alters outgoing
information.Disclosure of private
services (existence &
description).Attacker denies legitimate
users access to
infrastructure services.
Disclosure of access
policies.
Disclosure of Identities and
cryptographic material.Global
systems / facilitiesMassive disclosure of user information. Disruption of a global service.Table 14 : STRIDE classification (horizontal) of the identified risks broken down by the elements to be protected (vertical).