Cybersecurity in the Era of IoT: A Review of Vulnerabilities, Threats, and Mitigation Strategies

Waqas Ahmed
Air University, Islamabad, Pakistan
Correspondence to: waqaskhattak99@gmail.com

DOI: https://doi.org/10.70389/PJS.100038

Additional information

• Ethical approval: N/a
• Consent: N/a
• Funding: No industry funding
• Conflicts of interest: N/a
• Author contribution: Waqas Ahmed – Conceptualization, Writing – original draft, review and editing
• Guarantor: Waqas Ahmed
• Provenance and peer-review:
  Commissioned and externally peer-reviewed
• Data availability statement: N/a

Keywords: IoT security, Blockchain, Quantum cryptography, DDoS attacks, AI in cybersecurity.

Peer Review
Received: 15 November 2024
Revised: 24 November 2024
Accepted: 24 November 2024
Published: 14 December 2024

Introduction

Background on Internet of Things and its Growing Prevalence

Kevin Ashton coined the term IoT in 1998. Internet of Things (IoT) can be defined as the integration of data providers and end users who work on the Internet and other communication networks.¹ The IoT is a new paradigm that allows the interaction between electronic devices and sensors via the Internet to make our lives more convenient.² Smart devices combined with the Internet are used to provide innovative solutions to the challenges and problems posed by different business, governmental, and public/private industries around the world (Figure 1).³ The potential and power of IoT can be seen in several application domains. Figure 2 shows few of the application domains of IoT’s potentials.³

While abundant literature focuses on the technological advancements and applications of IoT, there is a need to provide comprehensive reviews on the unique security challenges it poses.⁴ This review focuses on the collision of IoT architecture, vulnerabilities, and new threats, providing a more holistic review of critical issues, such as malware, distributed denial of service (DDoS) attacks, and data breaches.⁵ It further provides new security innovations such as blockchain, artificial intelligence (AI), and quantum cryptography that are at the forefront of solving IoT-specific threats.⁶ This synthesis review bridges the gap on recent advancements, threats, and solutions, laying out the understanding of IoT security. It is distinguished from prior reviews in that it highlights how advances in cutting-edge technologies converge with the regulatory developments that shape the future of IoT cybersecurity. It has been noted that the security of IoT needs to evolve to meet both the technology and the scale of deployment across all industries involved.⁷

Motivation for Cybersecurity Research in IoT

IoT devices are also penetrating to every nook and corner of our lives, and they extend the cyber world to the physical world that has created new types of and more complex security issues and concerns.⁸ IoT devices are much more heterogeneous than conventional computing systems since they range from simple sensors to complex medical equipment, each with its distinct hardware specifications, operating systems, and communication protocols.⁹ Moreover, most IoT devices are powered by low-power microcontrollers, which have too little computing power for any kind of heavy encryption or even limited intrusion detection mechanisms in many cases.¹⁰ The resultant limited processing power reduces the scope of security measures that could be enforced and hence leaves such devices open to attacks.¹¹ Wide-scale IoT implementation across diverse applications ranging from smart home automation to industrial automation brings along much complexity in terms of security. Managing security over such a vast, interrelated network is bound to increase vulnerability as each device becomes a possible entry point for cyber threats.⁹ Even a single compromised IoT device can cause a break into the larger network that may jeopardize whole systems and the integrity of user data.¹²

Research Scope and Objectives

• To provide an overview of IoT architecture and security fundamentals, including layers, security requirements, and unique challenges to IoT security.
• To analyze common threats targeting IoT environments, including malware, denial-of- service (DoS)/DDoS attacks, data breaches, and advanced persistent threats, and assess their potential impact on IoT systems.
• To evaluate current mitigation strategies and best security practices for IoT systems, emphasizing methods such as security-by-design principles, network encryption, authentication mechanisms, and anomaly detection systems.
• To explore emerging trends and technologies, such as blockchain, AI, and quantum cryptography, that hold promise for enhancing IoT cybersecurity.
• To recommend strategies to enhance IoT security and reduce vulnerabilities to stakeholders, including IoT manufacturers, service providers, and policymakers.

Structure of the Review

The introduction provides a brief context of IoT, motivation for cybersecurity research in IoT, and aims and objectives. The subsequent sections discuss IoT architecture and security fundamentals, common vulnerabilities in IoT, threats to IoT security, and future directions and emerging trends. The conclusion provides a summary of key insights.

Overview of IoT Architecture and Security Fundamentals

Layers of IoT Architecture

Typically, the IoT architecture has three primary layers (Figure 3): a perception layer, a network layer, and an application layer, each having its own different tasks in gathering, transmitting, and processing the data.¹²

Perception Layer: Commonly known as the “sensor layer,” the perception layer involves devices such as sensors and actuators. This is said to be the foundational layer; this layer takes in data from the environment; for example, temperature, movement, and other physical metrics.¹⁴ The perception layer is key because it creates the “input” in IoT systems, thus making it a key target to attackers who may attempt to disrupt sensor data at this early stage.¹⁵
Network Layer: This layer transfers the data sensed by the perception layer to other layers through any protocol, such as Wi-Fi, Bluetooth, or 4G/5G. The network layer also includes aspects relating to routing and control mechanisms, which makes it critical for maintaining the data transfer speed and security. Thus, this layer tends to suffer from network-based attacks (e.g., interception and jamming), which causes a halt in communication and compromises data integrity.^14,15
Application Layer: It is at the topmost layer of this architecture, which processes data for the services of applications to its users. It is specialized in different domains, such as health care, transportation, and manufacturing. The layer transforms raw data to actionable insights or services.¹⁴ This is a user-facing, operation-handling layer, but it is also one of the first targets of malware and other application-layer attacks that directly affect user privacy and system performance.

Security Requirements in IoT

Security in IoT is founded on some principles that protect the data and integrity of the device throughout an ecosystem in IoT (Figure 4).¹⁷ These principles include the following among others:

Confidentiality: This is a principle that states that data must only be accessible to authorized users or devices. Here, IoT collects sensitive data such as health and location, and it heavily relies on privacy to avoid unauthorized access.¹⁷
Integrity: The data transmission medium should be resistant to any changes or manipulation. Since most IoT devices send data wirelessly, they are particularly vulnerable to interception and alteration attacks, which will split the accuracy and reliability of the data in question.^17,18
Availability: IoT systems need to be available to users at the right time, ensuring that devices and services are accessible without interruption. Undoubtedly, DoS attacks, which paralyze devices, are a massive threat when availability is at stake—accidents in care facilities or industries, for instance, might be seriously delayed by such attacks.¹⁹
Authentication: This is the process of authentication of devices and users in the IoT network in order not to allow access from unauthorized sources and ensure that only trusted devices are provided with permissions. Strict mechanisms at authentication stages could be considered important to prevent malicious actors from posing as legitimate devices.
Non-repudiation: This principle implies that after any action or transaction is performed in the IoT network, it cannot be denied. Non-repudiation is of paramount importance in tracing the actions to specific devices or users and supporting accountability inside IoT ecosystems.¹⁹

Common Vulnerabilities in IoT

Common vulnerabilities are physical, network, and application in IoT (Figure 5):

Unique Challenges to IoT Security

IoT-specific challenges in terms of security reflect the unique characteristics of its application fields, which, for example, deploy it in resource-constrained environments with fewer mechanisms for updating their parameters and certain devices that are accessible.²⁰

Resource Limitations: Most IoT devices are built to be power-sensitive and processing-intensive, which limits the functionality of running robust security protocols. Lightweight encryption techniques and efficient algorithms should be developed to safely protect such devices without significantly overloading their resources.

Updates Limited on IoT: Most IoT devices, especially in remote or embedded environments, are left without regular updates. The manufacturers do not provide any ongoing support for security updates. In some cases, the hardware is not compatible with the new patches.²⁰

Physical Accessibility: Most IoT devices are installed in exposed or easily accessible locations and thus have physical vulnerability. Intruders may tamper with or even steal devices to gain unauthorized access or extract sensitive data directly.^21,22

Device Vulnerabilities: The biggest aspects of vulnerabilities concerning the IoT include inherent issues with design, manufacturing, and deployment related to IoT devices. Many IoT appliances have utilized default passwords or possess weak authentication systems. More often than not, attackers utilize such weaknesses to carry out brute force attacks to gain unauthorized access to them.²² Default credentials are one of the most probable vulnerabilities which users forget to change, which is exploited in the security of IoT appliances. Firmware vulnerabilities expose various attacks on devices. Since firmware does not receive regular updates like other software, attackers might exploit known security vulnerabilities to undermine the functionality of a device in use. The challenge with insecure firmware manifests especially with IoT because most devices are built on resource-constrained environments, usually with limited memory and processing power that do not allow much scope in supporting complex security features or updates. An attacker who gains physical access to a device might be able to bypass its control flows or exfiltrate sensitive data, or even simply implant malware in the device.²³

Network Vulnerabilities: In a man-in-the-middle (MitM) attack, the attacker would intercept data communication between IoT devices, but here gain access to sensitive information or manipulate data while on its way. This type of attack is more prevalent in IoT networks when data transmission relies on unencrypted methods. Thus, encrypting channels of communication will provide an effective means of mitigating the risk posed by the MitM attack. However, resource constraints can severely limit the use of encryption in IoT devices.^22,23 In network spoofing, the attacker creates fake access points or spoofs legitimate devices within the IoT network. The devices will connect to a possibly unauthorized network that can capture information or execute commands within the IoT ecosystem through such a mechanism (Zhou & Zhang, 2019). Many IoT devices with inadequate networking security capabilities cannot identify spoofed networks.²¹ In unsecured protocols, most IoT devices use lightweight protocols such as MQTT, efficient but lacking in security.²³

Application Vulnerabilities: IoT applications have bugs or software flaws that may make them vulnerable. Some of the problems, including buffer overflow and bad error handling, will give an attacker a chance to exploit the weaknesses at the application layer. Moreover, the IoT devices do not have the capabilities to run heavy error detection or handling systems, and hence the software flaws may be hard to detect and correct. Most IoT applications rely on cloud infrastructure for storage and data processing, thus creating new security risks. Poor configurations in clouds, lack of encryption, and vulnerabilities in cloud-based application programming interfaces can create weaknesses in the system that can allow unauthorized access to the data.²⁴ Since such IoT applications widely occur in the cloud, its vulnerabilities will have a critical privacy impact. IoT applications gather and process significant data that is usually rich with personal information, such as health metrics or location data.

Threats to IoT Security

Malware and Ransomware Attacks

IoT-specific malware targets the many weaknesses found in these devices. Major objectives include the creation of a botnet and data mining. For example, the Mirai is one of the most commonly known IoT botnets, infecting many machines to conduct large DDoS attacks.²⁵ IoT botnets involve a botnet composed of hacked devices controlled by an attacker, which one can apply for wide-ranging attacks—from DDoS to spamming. The most alarming part about this botnet attack is that the scale is so huge because IoT devices are very diffused and are mostly left unsecured.²⁶ Malware- infected IoT devices can be mobilized in massive volumes, leading to an overwhelming attack on targeted servers and networks.²¹ IoT ransomware is another new threat wherein attackers take over control of a device and demand ransom to restore its functionality. This could be especially risky in critical infrastructure sectors whereby IoT devices have control over vital services like power and health care.²⁸

DoS and DDoS Attacks

DoS and DDoS attacks flood IoT devices or networks with traffic with the intent of making it impossible to access them. The outcome is that there is a lot of downtime and loss of service (Figures 6 and 7):²⁶

Large-Scale DDoS Attacks (Mirai Botnet Case Example)

The incident of a Mirai botnet attack in 2016, which affected websites such as Twitter, Netflix, and Reddit because the servers were flooded with traffic²⁵ coming from infected IoT devices, brought the DDoS attacks through IoT to attention. Mirai infected these devices with the use of default credentials and consequently converted them to bots, which launched huge DDoS attacks. Such attacks can be mitigated by having strong authentication mechanisms and secure communication protocols in place. For instance, enforcing unique credentials for each device and regular firmware updates could significantly reduce the ability of such breaches to happen again. Blockchain could have been used to ensure only authenticated devices participate in the network, and the AI-based anomaly detection systems would have caught those unusual traffic patterns early to prevent escalation.²¹ DoS/DDoS Attacks’ Impact on IoT Ecosystems: In IoT, the DoS/DDoS attack can be both severe and devastating. For instance, in health and industrial IoT, downtime of devices can cause operational failure, loss in data, and sometimes even physical harm. Most of these IoT devices are quite incapable of defending against massive traffic and thus remain vulnerable to DoS/DDoS attacks.²⁷ This might cause both direct monetary damage and reputational loss in organizations with IoT.^30,31

Future Directions and Emerging Trends in IoT Security

Research Gap

Traditional cryptographic methods tend to surpass the computational as well as energy capabilities of IoT devices, especially in applications such as wearables and sensors within remote regions.³² Future work should be aimed at creating as well as standardizing lightweight cryptographic algorithms that balance security with efficiency. Such algorithms also need to be resilient against the emerging threat from quantum computers. Most IoT devices, especially the older ones, do not have facilities that enable receiving firmware updates, hence leaving them exposed to the changing threats. There is a need to do research in the design of solutions that are scalable, secure, and cost-effective for upgrading legacy systems without disrupting their operational procedures.³³ Promising directions could be over-the-air (OTA) updates combined with blockchain for version control. While AI and blockchain technologies are separately explored, their integrated usage for IoT security is greatly under-researched.³⁴ Studies should investigate ways through which AI-driven anomaly detection systems could interface with blockchain-based systems to automate threat responses to IoT networks while establishing greater transparency.

Blockchain for IoT Security

Blockchain technology provides a decentralized approach to security, addressing the central vulnerabilities of IoT with guaranteed data integrity and transparency without central authority control. Therefore, it is more fitting for device authentication management with secure data interexchange.³⁵ For example, blockchain prevents unauthorized access in smart home systems by demanding that devices check out their credentials against a shared ledger before communication. Furthermore, when it is based on blockchain, smart contracts can automatize security protocols and terminate access permission if anomalies arise, thereby avoiding manual intervention and resulting in potential errors.³⁶

AI and Machine Learning in Cyber Defense

AI algorithms will analyze massive datasets, enabling them to track abnormal patterns and predict potential attacks. Predictive ability is even more important in the IoT environment, in which real-time data from all those devices would be useful in identifying the threat at its early stages.³⁷ AI-driven systems would even manipulate device settings, isolate affected devices, and provide countermeasures based on identified attack patterns.³⁸ For example, in industry-specific IoT, machine learning algorithms can detect subtle changes that indicate malware infection or might indicate potential failure in machinery, enabling an intervention at the right time. More so, AI-based systems can orchestrate dynamic responses to threats, such as disconnecting compromised devices from the network to prevent an attack’s spread.

Quantum Cryptography

Quantum computers are expected to break many of the presently used encryption algorithms, such as RSA and ECC, that secure IoT data nowadays. This threat lets us understand how important the development of “quantum-resistant” cryptographic protocols will be for IoT security.³⁹ Quantum-resistant algorithms can withstand quantum decryption techniques. Quantum key distribution (QKD) is one such promising approach. This will provide theoretically unbreakable encryption through the principles of quantum mechanics.⁴⁰ Practically, QKD can increase the security capabilities of IoT devices for critical sectors, such as health care or energy grids, where data integrity and confidentiality are extremely critical.

Policy and Regulatory Developments

Governments around the world realize that a code for IoT security is needed. Many insist that IoT devices be installed with security mechanisms, such as a strong password, to protect data. As most IoT devices work across borders, there must be international cooperation in coming up with security standards. The International Organization for Standardization (ISO) and the Internet Engineering Task Force (IETF) are working to come up with a globally accepted framework for IoT security. Emerging regulations, such as the General Data Protection Regulation (GDPR) in Europe and the IoT Cybersecurity Improvement Act in the United States, set important baselines for IoT security. The GDPR puts much focus on data protection and privacy while imposing stringent guidelines for how data is handled through IoT devices.⁴¹ On the other hand, the IoT Cybersecurity Improvement Act requires minimum security conditions to be met by government-acquired IoT devices, which include unique credentials and timely updates. Such regulations encourage manufacturers to majorly focus on security, but the implementation often remains inconsistent among different regions. Despite progress, critical gaps persist. Current regulations lack comprehensive guidelines for consumer IoT devices, which dominate the market. Further policies should focus on ensuring transparency in how devices handle user data, requiring manufacturers to disclose security practices clearly. Regulations must also address the lifecycle management of IoT devices, including secure decommissioning protocols to prevent exploitation of discarded devices.

Conclusion

The rapid growth of the IoT brings not only unprecedented opportunities but also major cybersecurity challenges. This paper covered some of the main vulnerabilities in IoT ecosystems, ranging from weak device authentication to sophisticated threats like ransomware and DDoS attacks. Emerging technologies such as blockchain, AI, and quantum cryptography offer new approaches to solving problems. Evolving regulatory frameworks provide a basis for IoT applications to be secured.

Key Takeaways

For IoT Manufacturers: Apply security-by-design principles, such as strong authentication, regular firmware updates, and resource-friendly cryptographic techniques. Use blockchain or distributed ledger technologies for transparent device management that is able to automatically mitigate threats.

For Policymakers: Develop current regulations to include comprehensive guidelines for consumer IoT devices that discuss lifecycle security and decommissioning protocols.Encourage international cooperation that will produce a set of unified security standards and reward best practices by manufacturers.

For Researchers: Focus on building lightweight cryptographic algorithms that are scalable and efficient mechanisms for updating the legacy IoT system.

Hybrid security: Blockchain, AI, and post-quantum cryptography to future-proof IoT networks. FINAL The IoT demands continuous research and innovation in dynamic and interconnected cybersecurity. Stakeholders must collaborate to address current vulnerabilities and anticipate future threats. Only through a concerted effort can we ensure the secure growth of IoT ecosystems, protecting both users and critical infrastructures in an increasingly digital world.

References

1 Mahmood S. Review of internet of things in different sectors: recent advances, technologies, and challenges. J Internet Things. 2021;3(1):19-26.
https://doi.org/10.32604/jiot.2021.013071
 
2 Villamil S, Hernández C, Tarazona G. An overview of internet of things. Telkomnika [Internet]. 2020;18(5):2320-7. Available from: http://eds.b.ebscohost.com/eds/pdfviewer/pdfviewer?vid=2&sid=7dd64ee0-4322-4afa-ad59- 5f3557193137%40sessionmgr101
 
3 Kumar S, Tiwari P, Zymbler M. Internet of things is a revolutionary approach for future technology enhancement: a review. J Big Data. 2019;6(1):111.
https://doi.org/10.1186/s40537-019-0268-2
 
4 Tariq U, Ahmed I, Bashir AK, Shaukat K. A critical cybersecurity analysis and future research directions for the internet of things:
 
A comprehensive review. Sensors. 2023;23(8):4117.
https://doi.org/10.3390/s23084117
 
5 Tawalbeh L, Muheidat F, Tawalbeh M, Quwaider M. IoT privacy and security: challenges and solutions. Appl Sci [Internet]. 2020;10(12):4102. Available from: https://www.mdpi.com/2076-3417/10/12/4102
https://doi.org/10.3390/app10124102
 
6 Alwarafy A, Al-Thelaya KA, Abdallah M, Schneider J, Hamdi M. A survey on security and privacy issues in edge computing-assisted internet of things. IEEE Internet Things J. 2020;8:1.
https://doi.org/10.1109/JIOT.2020.3015432
 
7 Rachit, Bhatt S, Ragiri PR. Security trends in internet of things: a survey. SN Appl Sci. 2021;3(1):121.
https://doi.org/10.1007/s42452-021-04156-9
 
8 Sha K, Wei W, Andrew Yang T, Wang Z, Shi W. On security challenges and open issues in internet of things. Future Gen Comput Syst. 2018;83:326-37.
https://doi.org/10.1016/j.future.2018.01.059
 
9 Ravikumar KC, Chiranjeevi P, Manikanda Devarajan N, Kaur C, Taloba AI. Challenges in internet of things towards the security using deep learning techniques. Meas Sensors [Internet]. 2022;100473. Available from: https://www.sciencedirect.com/science/article/pii/S2665917422001076
https://doi.org/10.1016/j.measen.2022.100473
 
10 Noaman M, Khan MS, Abrar M, Ali S, Alvi A, Saleem M. Challenges in integration of heterogeneous internet of things. Sci Program. 2022;2022:1-14.
https://doi.org/10.1155/2022/8626882
 
11 Weber RH, Studer E. Cybersecurity in the internet of things: legal aspects. Comput Law Security Rev [Internet]. 2016;32(5):715-28. Available from: https://www.sciencedirect.com/science/article/pii/S0267364916301169
https://doi.org/10.1016/j.clsr.2016.07.002
 
12 Rani D. Lightweight security protocols for internet of things: a review. Int J Adv Trends Comput Sci Eng. 2019;8(3):707-19.
https://doi.org/10.30534/ijatcse/2019/58832019
 
13 Kitrum. Three layer architecture in the IoT. Specifications and Security Threats. [Internet]. KITRUM. 2023. Available from: https://kitrum.com/blog/three-layer-architecture-in-the-internet- of-things/
 
14 Burhan M, Rehman R, Khan B, Kim BS. IoT elements, layered architectures and security issues: A comprehensive survey. Sensors [Internet]. 2018;18(9):2796. Available from https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6165453/
https://doi.org/10.3390/s18092796
 
15 Sethi P, Sarangi SR. Internet of things: Architectures, protocols, and applications. J Electr Comput Eng [Internet]. 2017;2017(9324035):1-25. Available from: https://www.hindawi.com/journals/jece/2017/9324035/
https://doi.org/10.1155/2017/9324035
 
16 Pallavi. Elements of information security [Internet]. hackingconcept. 2016 [cited 2024 Nov 12]. Available from: https://hackingconcept.wordpress.com/2016/03/08/elements-of-information- security/
 
17 Bin Haris MAH, Yahya MIHB, Ibrahim MNB. Security and privacy issues in internet of things (IoT) [Internet]. http://www.techrxiv.org. 2023. Available from: https://www.techrxiv.org/articles/preprint/Security_and_Privacy_Issues_in_Internet_of_Things_I oT_/23512389
https://doi.org/10.36227/techrxiv.23512389.v1
 
18 Siraparapu SR, Azad SMAK. Securing the IoT landscape: A comprehensive review of secure systems in the digital era. e-Prime – Adv Electr Eng Electron Energy [Internet] .2024;100798-8. Available from: https://www.sciencedirect.com/science/article/pii/S2772671124003784
 
19 Mahmoud R, Yousuf T, Aloul F, Zualkernan I. Internet of things (IoT) security: Current status, challenges and prospective measures [Internet]. IEEE Xplore. 2015 [cited 2020 May 22] p. 336-41. Available from: https://ieeexplore.ieee.org/document/7412116.
https://doi.org/10.1109/ICITST.2015.7412116
 
20 Rozlomii I, Yarmilko A, Naumenko S. Data security of IoT devices with limited resources: Challenges and potential solutions [Internet]. 2024. Available from: https://ceur-ws.org/Vol- 3666/paper13.pdf
 
21 Williams P, Dutta IK, Daoud H, Bayoumi M. A survey on security in internet of things with a focus on the impact of emerging technologies. Internet Things [Internet]. 2022;19:100564. Available from: https://www.sciencedirect.com/science/article/pii/S2542660522000592
https://doi.org/10.1016/j.iot.2022.100564
 
22 Baho SA, Abawajy J. Analysis of consumer IoT device vulnerability quantification frameworks. Electronics [Internet]. 2023;12(5):1176. Available from: https://www.mdpi.com/2079-9292/12/5/1176
https://doi.org/10.3390/electronics12051176
 
23 Thomas J. An analysis of vulnerabilities in IOT devices & solutions – IOT (Internet of Things) -cyber security-hacking-RFID -Wi- fi -barcode – bluetooth -risk -hardware -software [Internet]. 2021. Available from: https://digitalscholarship.tsu.edu/cgi/viewcontent.cgi? article=1021&context=frj
 
24 Butun I, Osterberg P, Song H. Security of the internet of things: Vulnerabilities, attacks and countermeasures. IEEE Commun Surveys Tutorials [Internet]. 2019;22(1):1. Available from: https://ieeexplore.ieee.org/document/8897627
https://doi.org/10.1109/COMST.2019.2953364
 
25 Kolias C, Kambourakis G, Stavrou A, Voas J. DDoS in the IoT: Mirai and other botnets. Computer [Internet]. 2017;50(7):80-4. Available from: https://ieeexplore.ieee.org/document/7971869
https://doi.org/10.1109/MC.2017.201
 
26 Alrawi O, Lever C, Antonakakis M, Monrose F. SoK: Security evaluation of home-based IoT deployments [Internet]. IEEE Xplore. 2019. pp. 1362-80. Available from: https://ieeexplore.ieee.org/abstract/document/8835392?casa_token=c- VpS4D4c70AAAAA:hARXyZSrWX-Ing-mOlPtXmjZXYE6JiDbD79l733zKft9PTX1N5rqOniOVGEUU2jzDBZtk9s61dvgVg
 
27 Wong C. What is a denial of service (DoS) Attack? | Cobalt [Internet]. http://www.cobalt.io. 2022. Available from: https://www.cobalt.io/blog/what-is-denial-of-service-attack
 
28 Tariq Ahamed Ahanger, Tariq U, Dahan F, Chaudhry SA, Malik Y. Securing IoT devices running PureOS from ransomware attacks: Leveraging hybrid machine learning techniques. Open Access. 2023;11(11):2481-1.
https://doi.org/10.3390/math11112481
 
29 Kunal Chitwar. Mirai is malware created by 21 year old Paras Jha and 20 year old Josiah white, which mostly affecting IoT devices running ARC Processors. In September 2016 mirai malware launched a DDos attack on website of well known security experts. [Internet]. Linkedin.com. 2019 [cited 2024 Nov 12]. Available from: https://www.linkedin.com/pulse/mirai- botnet-kunal-chitwar
 
30 Zhou H. The internet of things in the cloud. 2012
https://doi.org/10.1201/b13090
 
31 Malik V, Khanna A, Sharma N, Suryaprakash nalluri. Advanced persistent threats (APTs): Detection techniques and mitigation Strategies. 2024. Available from: https://ijgis.pubpub.org/pub/44fxb30l/release/1
https://doi.org/10.21428/e90189c8.91e89a3e
 
32 Allioui H, Mourdi Y. Exploring the full potentials of IoT for better financial growth and stability: a comprehensive survey. Sensors. 2023;23(19):8015.
https://doi.org/10.3390/s23198015
 
33 Alwahedi F, Aldhaheri A, Ferrag MA, Battah A, Tihanyi N. Machine learning techniques for IoT security: Current research and future vision with generative AI and large language models. Internet Things Cyber-Phys Syst. 2024;4:167-85.
https://doi.org/10.1016/j.iotcps.2023.12.003
 
34 Deepak N, Gulia P, Gill NS, Yahya M, Gupta P, Prashant Kumar Shukla, et al. Exploring the potential of Blockchain technology in an IoT-enabled environment: a review. IEEE Access. 2024;8:1.
 
35 Dorri A, Kanhere S, Jurdak R. Blockchain in internet of things: challenges and solutions [Internet]. Available from: https://arxiv.org/pdf/1608.05187
 
36 Lone AH, Naaz R. Applicability of Blockchain smart contracts in securing Internet and IoT: a systematic literature review. Comput Sci Rev. 2021;39:100360.
https://doi.org/10.1016/j.cosrev.2020.100360
 
37 Yang Y, Wu L, Yin G, Li L, Zhao H. A survey on security and privacy issues in internet-of- things. IEEE Internet Things J [Internet]. 2017;4(5):1250-8. Available from: https://ieeexplore.ieee.org/document/7902207
https://doi.org/10.1109/JIOT.2017.2694844
 
38 Hussain F, Hussain R, Hassan SA, Hossain E. Machine learning in IoT security: current solutions and future challenges. IEEE Commun Surv Tutorials [Internet]. 2020 [cited 2021 Feb 24];22(3): 1686-721. Available from: https://ieeexplore.ieee.org/abstract/document/9060970
https://doi.org/10.1109/COMST.2020.2986444
 
39 Ahmed N. Quantum computing algorithms for integer factorization: A comparative analysis. 2024 [cited 2024 Nov 19];1(1):6-9. Available from: http://mathematics.moderndynamics.in/index.php/mdmp/article/view/2
https://doi.org/10.36676/mdmp.v1.i1.02
 
40 Pirandola S, Andersen U, Banchi L, Berta M, Bunandar D, Colbeck R, et al. Advances in quantum cryptography. Adv Opt Photon. 2020;12(4):1012-236.
https://doi.org/10.1364/AOP.361502
 
41 Legal IT Group. Privacy and data protection measures for IoT; GDPR for IoT; Internet of Things and General Data Protection Regulation. [Internet]. Legal IT group. 2020. Available from: https://legalitgroup.com/en/gdpr-and-internet-of-things-iot/

Cite this article as:
Ahmed W. Cybersecurity in the Era of IoT: A Review of Vulnerabilities, Threats, and Mitigation Strategies. Premier Journal of Science 2025;4:100038

Export to EndNote Export to Mendeley