Internet of Things (IoT) Security Vulnerabilities: A Review
Keywords:
Internet of Things, security, IoT, applications, physical security, smart cities
Abstract
The Internet of Things (IoT) collects and processes data from remote locations, substantially increasing the productivity of dispersed systems or individuals. Because their power budget is restricted, IoT devices usually lack advanced data encryption and device authentication. The hardware components used in IoT devices are not high-end, so the integrity and security of the majority of IoT devices are in question. For instance, an adversary may insert a Hardware Trojan (HT) during the manufacturing phase of IoT hardware devices to trigger data leakage or device failures, in addition to other security issues. In this paper, we examine security risks to IoT, with a particular focus on attacks aimed at compromising the software, hardware, communication, and chip.
License
Copyright (c) 2022 PLOMS AI
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.