# OWASP IoT Top 10 2014

| [**OWASP IoT Top 10 2014**](https://www.owasp.org/index.php/Top_10_IoT_Vulnerabilities_\(2014\)) | [**OWASP IoT Top 10 2018 Mapping**](https://www.owasp.org/images/1/1c/OWASP-IoT-Top-10-2018-final.pdf)                                                                                 |
| ------------------------------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **I1 Insecure Web Interface**                                                                    | **I3 Insecure Ecosystem Interfaces**                                                                                                                                                   |
| **I2 Insufficient Authentication/Authorization**                                                 | <p><strong>I1 Weak, Guessable, or Hardcoded Passwords</strong><br></p><p><strong>I3 Insecure Ecosystem Interfaces</strong></p><p><br><strong>I9 Insecure Default Settings</strong></p> |
| **I3 Insecure Network Services**                                                                 | **I2 Insecure Network Services**                                                                                                                                                       |
| **I4 Lack of Transport Encryption/Integrity Verification**                                       | **I7 Insecure Data Transfer and Storage**                                                                                                                                              |
| **I5 Privacy Concerns**                                                                          | **I6 Insufficient Privacy Protection**                                                                                                                                                 |
| **I6 Insecure Cloud Interface**                                                                  | **I3 Insecure Ecosystem Interfaces**                                                                                                                                                   |
| **I7 Insecure Mobile Interface**                                                                 | **I3 Insecure Ecosystem Interfaces**                                                                                                                                                   |
| **I8 Insufficient Security Configurability**                                                     | **I9 Insecure Default Settings**                                                                                                                                                       |
| **I9 Insecure Software/Firmware**                                                                | <p><strong>I4 Lack of Secure Update Mechanism</strong><br><br><strong>I5 Use of Insecure or Outdated Components</strong></p>                                                           |
| **I10 Poor Physical Security**                                                                   | **I10 Lack of Physical Hardening**                                                                                                                                                     |