Open this lesson in your favourite AI. It'll walk you through the why, explain the demo, and quiz you on the try-it list.
Device security is unique because the adversary often has physical access. A mobile attacker can jailbreak the device; an IoT attacker can desolder flash chips and read firmware; a hardware attacker can probe voltage rails or fault-inject. The threat model has to account for 'attacker holds the device' as a normal case.
Mobile threat surface: user installs malicious app, attacker steals device, malware sideloaded via USB. IoT: firmware extracted from flash, RF traffic intercepted, supply-chain compromise at factory. Hardware: glitching, side-channel power analysis, decapping the chip.
Use these three in order. Each builds on the one before.
In one paragraph, contrast device security with web/system security threat models.
Walk me through threat-modelling a consumer IoT product.
Design a threat model for a high-stakes device (medical, automotive, industrial).