Chapter 2. Security Threats of IoT

The implementation of IoT system largely depends on the inbuilt security of IoT devices. Various elements of the IoT system such as IoT devices, operating platforms & systems, communication among "things" poses many security challenges. A study conducted by Hewlett Packard Enterprise shows that 70% of IoT devices are susceptible to a one or another kind of security breach[1]. These security breaches put our physical infrastructure, food supply, water system, power network, public data etc. at high risk. Various research concerns- data security, authentication, secure communication, update management, authorization – have emerged to address the security challenges of IoT system (Behmann et al., 2015; Frustaci et al., 2018; Zhou et al., 2018; Lin et al., 2017).

The key features and requirements of a secure IoT system are secure and safe authentication, bootstrapping, access to data by an authorized person and secure data transmission (Borgia, 2014; Weber, 2010). In order to protect the IoT system from severe security challenges such as impersonating “things” and denial of sleep attack, securing communication using encryption is very important (Mendez et al., 2017).

IoT systems are fueled by different technologies to support various functions and applications (Kumar et al.,2016; Granjal et al., 2015). As each technology brings up its own security concerns and issues, which have to be addressed within the technical boundaries set by capabilities & constraints of an IoT system itself at every layer of defence (Mendez et al., 2017; Granjal et al., 2015). However, the new paradigm of communication, sharing, and actuation has its own set of security concerns, which are difficult to be managed by "usual approach" used for classical systems and networks (Riahi et al., 2013).

Security threats for IoT devices can be numerous and varied, but here are some common ones:

1. Unauthorized Access: This is when an attacker gains access to the IoT device without proper authorization. It could be through default credentials, unpatched vulnerabilities, or other means.

2. Data Breach: If an IoT device stores sensitive data, it could be a target for data breaches. The data could be personal user data, confidential business data, or other sensitive information.

3. Malware: IoT devices can be infected with malware, just like computers. The malware could be used for various malicious activities, such as DDoS attacks or data theft.

4. Physical Tampering: If an attacker can physically access the IoT device, they might be able to tamper with it in ways that compromise its security.

5. Eavesdropping: This is when an attacker listens in on the communications between the IoT device and other systems. It could be used to steal sensitive information.

6. Man-in-the-Middle Attacks: In a man-in-the-middle attack, an attacker intercepts the communication between the IoT device and another system. They can then alter the communication, eavesdrop, or even impersonate one of the parties.

7. Denial of Service (DoS): A DoS attack aims to make a service unavailable to its intended users. This could be done by overwhelming the service with traffic, exploiting a vulnerability to crash the service, or other means.