Threat Modeling of Internet of Things Health Devices

For a number of health conditions, the number of Internet of Things (IoT) devices available for self and remote monitoring are growing rapidly, and users are also increasing. In the same vein, cyber criminals are putting lots of effort into making these devices unsafe for users, and this has generated growing privacy concerns for both users and manufacturers. In this article, a threat model is designed for selected IoT health devices. Based on the device assets and access points, device threats were identified using the STRIDE model and ranked using a threat-risk ranking model called DREAD. Some countermeasures to mitigate each of the identified threats in the selected devices were also proposed. A Web system that presents the model was created and enables the users of devices, manufacturers, and professionals to view possible threats and severity based on the devices' risk scores. This model will benefit both the designers and users of health IoT devices in improving products' security and understanding devices' privacy risk, respectively.