A Critical Cybersecurity Analysis and Future Research Directions for the Internet of Things: A Comprehensive Review

Olamide Abimbola, Olayinka Oduola Idris

Abstract

The Internet of Things (IoT) introduces critical cybersecurity challenges due to weak authentication, insecure communication, and device vulnerabilities, making IoT systems prime targets for attacks like botnets, data breaches, and ransomware. This comprehensive review analyses current threats, security gaps, and emerging risks (e.g., AI-driven attacks and quantum threats). We evaluate existing defences, such as encryption, intrusion detection, and access control, and identify key limitations, including scalability issues and lack of real-time adaptability. By synthesising attack trends, defence mechanisms, and unresolved challenges, this paper provides a roadmap for resilient IoT security, guiding researchers and practitioners toward proactive, scalable solutions.



Keywords


IoT security; cyber threats; AI-driven attacks; zero trust; post-quantum cryptography; intrusion detection




Copyright (c) 2025 Olamide Abimbola, Olayinka Oduola Idris

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.