Table of Contents

Vulnerabilities in IoT Systems

In order to secure IoT systems to data confidentiality, privacy, and integrity, it is important to understand the various vulnerabilities or security weaknesses of IoT systems that cybercriminals can exploit. Most of the security vulnerabilities of IoT are found at the physical layer of the IoT reference architecture, which consists of the IoT devices. As discussed in the previous sections, IoT devices have limited computing and communication resources, making it difficult to implement strong security protocols and algorithms that can ensure that the confidentiality, integrity, availability, accountability, and nonrepudiation security requirements of IoT data and systems are satisfied. Hence, the security measures often designed and implemented to secure IoT data and systems are not sufficient, making IoT systems vulnerable to several types of cybersecurity attacks and more straightforward to compromise.

As IoT devices are being integrated into existing systems of businesses, personal devices, household systems, and critical infrastructure, they are becoming attractive targets for cybercriminals, making them vulnerable to constant attacks. Cybercriminals are often searching for security weaknesses (vulnerabilities) in IoT devices that they can exploit in order to steal or damage data, disrupt the quality of service, or coordinate the devices to conduct large-scale attacks such as DoD/DDoS attacks or any attack to compromise other systems, especially critical infrastructures.

Some Common IoT Vulnerabilities

Given the severe risk posed by security weaknesses in IoT systems to IoT services and other services in society, including the possibility of causing the loss of human lives or disrupting society, it is crucial to identify and address IoT security vulnerabilities before cybercriminals can exploit them. The proliferation of diverse IoT devices across various sectors in society with very little or no standardisation and regulation has increased IoT vulnerabilities and attack surfaces that cybercriminals can leverage to compromise the data collected using IoT devices and to compromise existing systems. Some of the IoT security vulnerabilities include the following (figure 1):

Some Common IoT Vulnerabilities
Figure 1: Some Common IoT Vulnerabilities

Security Strategies to Mitigate IoT Vulnerabilities

Although IoT vulnerabilities cannot all be eliminated, there are best practices that can be adopted to ensure that IoT vulnerabilities are not easily exploited to compromise IoT data and systems. Some of the security measures and techniques that can be adapted to harden IoT security and mitigate the risk of an IoT attack resulting from the exploitation of any of the IoT vulnerabilities include the following (figure 2):

Security Strategies to Mitigate IoT Vulnerabilities
Figure 2: Security Strategies to Mitigate IoT Vulnerabilities

[1] Bruno Rossi, Top 10 IoT Vulnerabilities and How to Mitigate Them, https://sternumiot.com/iot-blog/top-10-iot-vulnerabilities-and-how-to-mitigate-them/
[2] Bruno Rossi, Top 10 IoT Vulnerabilities and How to Mitigate Them, https://sternumiot.com/iot-blog/top-10-iot-vulnerabilities-and-how-to-mitigate-them/
[3] Anna Chung and Asher Davila, Risks in IoT Supply Chain, https://unit42.paloaltonetworks.com/iot-supply-chain/