Cybersecurity vulnerabilities in IoT devices
摘要
The Internet of Things (IoT) encompasses a network of devices equipped with sensing, computing and actuating capabilities, leading to a surge in cybersecurity vulnerabilities that threaten personal security and public safety. Addressing vulnerabilities is essential for ensuring IoT security. In this Review, we provide a comprehensive overview of IoT device vulnerabilities and countermeasures, contrasting their characteristics with traditional computer vulnerabilities. We highlight that IoT device vulnerabilities are often complex and have far-reaching implications, owing to their deep integration with the physical and cyber domains. We propose a new taxonomy that categorizes IoT device vulnerabilities into in-band and out-of-band classifications, emphasizing emerging out-of-band vulnerabilities. We discuss advancements in vulnerability management technologies, including identification, assessment, remediation and mitigation. Our analysis highlights the need to extend beyond cyber-centric security paradigms to incorporate countermeasures that address cyber–physical interactions. We conclude by outlining future research directions, including generalizable vulnerability models, scalable identification pipelines, secure-by-design architectures and resilience for emerging systems.