Internet of Things (IoT) Security Vulnerabilities: A Review


  • Rabie Ramadan, Computer Engineering Department, Faculty of Engineering, Cairo University, Giza, Egypt.


Internet of Things, security, IoT, applications, physical security, smart cities


The Internet of Things (IoT) collects and processes data from remote locations, substantially increasing the productivity of dispersed systems or individuals. Due to the restricted budget available for power consumption, IoT devices usually lack advanced data encryption and device authentication. The hardware components used in IoT devices are not high-end, and therefore the integrity and security of the majority of IoT devices are in question. For instance, an adversary may insert a Hardware Trojan (HT) during the manufacturing phase of IoT hardware devices to trigger data leakage or device failures, in addition to other security issues. In this paper, we examine security risks to IoT, with a particular focus on attacks aimed at compromising the software, hardware, communication, and chip.






How to Cite

Ramadan, R. (2021). Internet of Things (IoT) Security Vulnerabilities: A Review. PLOMS AI, 2(1). Retrieved from



