Volume-3,Issue-5, May2025 International Journal of Modern Science and Technology

ISSN NO-2584-2706

A Review on Cybersecurity Challenges in IoT Devices

Deepa Barethiya; Chumban Bopche; Tushar Latesh Parate

Department of MCA, G H Raisoni College of Engineering and Management,
Nagpur, Maharashtra, India

Abstract: 1. Introduction:
The Internet of Things (IoT) is revolutionizing According to IBM, Internet-connected devices
the manner in which devices interact, enabling are expected to outnumber human beings, and
smart environments in sectors such as the evolution of connectivity is also expected
healthcare, transportation, and power grids. to speed up so that in 2020 the number of
However, this growing interconnectivity comes connected devices will be around 50 billion
with serious cybersecurity challenges with the [1]. The expanding Internet of Things (IoT)
vast number of interconnected devices, limited has made it possible to connect everything
computing resources, and lack of standardized and anything to the internet. It has brought a
security practices. This review addresses the digital disruption to the physical world by
most significant cybersecurity threats in IoT changing the way we engage with technology.
environments, particularly in critical With IoT, it is now possible to connect light
infrastructures such as the smart grid, where bulbs, refrigerators, drones, pet feeders,
device compromise can have catastrophic sensors, smart TVs and digital set-top boxes,
consequences. security cameras, wearables, automotive
The article covers threats such as weak systems, and medical devices to the internet.
authentication, insecure communication, lack Various industries—from healthcare to
of encryption, and limited device security. It manufacturing, utilities, transport, and
also covers secured device manufacturing homes—have been transformed and are now
practices, hardware protection, and network- more intelligent and efficient.
level controls. The article also includes a case The term "IoT" was originally coined by
study of web interface attacks to illustrate real- Kevin Ashton, a British technology
world threats. Since traditional security entrepreneur, in 1999. Ashton characterizes
controls will be inadequate, the article IoT as a network where the Internet is
emphasizes the importance of the use of newer connected with the physical world using
methods such as machine learning and post- pervasive sensors [2],[3]. The Internet of
quantum cryptography to predict, detect, and Things can be termed as a network of physical
counter threats. things, vehicles, and domestic appliances [4],
In the future, the research urges developers, such as those that are components of smart city
manufacturers, and researchers to collectively infrastructure. Such intelligent devices
act with urgency to build scalable, secure IoT typically consist of embedded electronics,
systems. With more widespread use of IoT, software, sensors, actuators, and connectivity
these cybersecurity issues need to be addressed features which enable them to collect, share,
in order to preserve the trust, reliability, and and react to information automatically or by
resilience of connected devices and critical means of human involvement.
services they deliver. But with the rapid growth of IoT devices also

Keywords: Internet of Things (IoT),

Cybersecurity, Smart Grid, IoT Security
Challenges, Critical Infrastructure Protection.

IJMSRT25MAY066 www.ijmsrt.com 293

DOI: https://doi.org/10.5281/zenodo.15496886
Volume-3,Issue-5, May2025 International Journal of Modern Science and Technology
ISSN NO-2584-2706

comes the enormous and complex surface area unparalleled convenience, automation, and
for cyber attacks. IoT devices differ from efficiency, they have also presented a broad
computing systems because, in most instances, spectrum of cybersecurity threats. As IoT
they are deployed in uncontrolled or physically devices find their way into the fabric of
accessible environments, and thus they are everyday life and critical infrastructure, they
particularly susceptible to a broad spectrum of offer a rich target for an adversary. The
cybersecurity threats. These include heterogeneity and scale in IoT ecosystems
unauthorized access, data breaches, malware render it difficult to provide a one-size-fits-all
infection, DoS attacks, and hijacking of devices. security solution, leaving most devices
The majority of IoT devices lack sufficient vulnerable to attacks such as spoofing,
inbuilt security due to limited processing power, eavesdropping, denial-of-service (DoS), and
financial restrictions, or slothfulness in the man-in-the-middle (MitM) intrusions[5].
manufacturing process. Also, heterogeneity and Among the most significant IoT security issues
scale of IoT ecosystems pose challenges is a lack of adequate end-to-end encryption
towards implementing standardized security and authentication procedures, especially on
measures across platforms and devices. constrained devices. A majority of IoT
IOT security is not an option—it's a deployments focus more on functionality and
requirement. The more IoT moves into low costs at the expense of secure protocols. In
strategic infrastructure and the mundane addition, firmware updates are often
aspects of life, any breach can have long-term overlooked, and vulnerabilities still exist even
consequences, from privacy infringement, when exploits are no longer unknown. This
financial gains, and bodily injury to even practice of neglecting upkeep can lead to
threatening human safety. This overview aims ongoing attack channels in critical systems[6].
to examine the core cybersecurity concerns Also, the majority of IoT systems operate in
that accompany IoT devices, analyze existing settings where physical security is not feasible,
mitigation strategies, and recommend future which means it is easier for devices to be
steps in securing the Internet of Things. hacked or accessed without permission. The
absence of standardized security requirements
2. Literature Review: and certifications among IoT device
The need for data-on-demand using manufacturers makes the situation even more
sophisticated, intuitive queries continues to complex[7].
increase tremendously [2]. This has led to what Together, here reviewed literature suggests that
most researchers refer to as the post-PC era, while IoT is a revolutionary technology, its
with intelligent devices and smartphones accelerated growth undermines the existing
transforming human-environment interaction. security mechanisms. The consensus among
In this dynamic setting, ordinary objects are experts is that immediate necessity is for
becoming interactive and informative. Mark lightweight cryptographic algorithms, secure
Weiser, in some cases described as the father communication protocols, device
of Ubiquitous Computing, defined this vision authentication methods, and regulatory level
as a "smart environment in the physical world standardsexclusively for the IOT environment.
that is richly and invisibly interwoven with
sensors, actuators, displays, and computational 3. Methodology:
elements, embedded seamlessly in everyday The methodology used for this review paper is
objects, and connected through a continuous a systematic review of published literature,
network" [8]. industry case studies, and reported
Although these innovations have provided cybersecurity incidents involving IoT
environments.

IJMSRT25MAY066 www.ijmsrt.com 294

DOI: https://doi.org/10.5281/zenodo.15496886
Volume-3,Issue-5, May2025 International Journal of Modern Science and Technology
ISSN NO-2584-2706

This includes peer-reviewed research papers, Self-healing features: Smart grids are designed
vulnerability databases (e.g., CVE listings), and to reconfigure automatically in the event of
white papers from technology vendors. The natural disasters, blackouts, or cyber attacks.
evaluation framework aligns with conventional They can isolate faulted segments
information security objectives—confidentiality, autonomously, re-route power, and prevent
integrity, and availability (CIA)—and IoT- cascading failures.
specific concerns such as scalability, Data-based energy management: Similar to
heterogeneity, physical security, and device data packets being delivered on the internet,
lifecycle management smart grids deliver energy packets using
The article categorizes and analyzes security routers and gateways to identify most cost-
concerns on different layers of the IoT effective routes of transmission [11].
ecosystem: hardware, firmware, communication This real-world application provides valuable
protocols, network infrastructure, and web- lessons regarding both benefits and limitations
based user interfaces. Particular emphasis is also of large IoT networks.
placed on evaluating technological aspects of
smart systems, using the example of massive 3.3 Cybersecurity Controls in IoT:
IoT deployment such as Smart Grids. In order to quantify the cybersecurity posture of
IoT devices, we discuss a variety of technical
techniques and best practices:
Hardware-based Security: IoT devices with
Trusted Platform Modules (TPMs) or Hardware
Security Modules (HSMs) can safely store
cryptographic keys, encrypt/decrypt data, and
authenticate device identities.
Data Encryption: Encrypted protocols must be
implemented to ensure data in transit and data at
Fig. IoT Device Attack Surface Diagram rest confidentiality between connected IoT
devices.
3.1 Components and Architecture of IOT: Network Security: IDPS, firewalls, secure
IOT infrastructures typically consist of a wide gateways, and network segmentation are
variety of sensors and hardware devices that reviewed for their ability to secure against
comprise Wireless Sensor Networks (WSNs), network-based assaults.
RFID tags, actuators, GPS modules, Secure Device Design: Adding "security by
magnetometers, waspmote sensors, infrared and design" throughout the entire product
ultrasonic sensors, and embedded controllers development process—from architecture to
and gateways. These devices are typically deployment—insures that IoT devices are
supplemented with silicon integrated circuits secure against known and future threats [1].
(ICs) and nano-electronic systems with the main
objective of achieving miniaturization, low cost, 3.3.1 Critical Cybersecurity Challenges
and high performance. The largest impediments to IoT adoption is the
lack of good security protocols. These are
3.2 Smart Grid as a Use Case: supplementary to traditional information system
Smart Grid (SG) represents one of the biggest- security objectives—confidentiality, integrity,
scale actual-world implementations of IoT and availability (CIA)—but are compounded by
technology. It involves several IoT devices— the unique characteristics of IoT devices such
from power plants to household appliances—to as:
enable dynamic energy management and two-  Resource limitations making it hard to
way communication among consumers and implement traditional cryptographic
providers [10][11]. algorithms.
 Variability of protocols across device makers.
IJMSRT25MAY066 www.ijmsrt.com 295
DOI: https://doi.org/10.5281/zenodo.15496886
Volume-3,Issue-5, May2025 International Journal of Modern Science and Technology
ISSN NO-2584-2706

 Vulnerability to physical attacks and Bluetooth), which may be spoofed, hijacked

environmental interference. using man-in-the-middle (MitM) attacks, or
 Sparse or non-existent firmware updates. intercepted.

Cyber Security Challenges: 4. Benefits:

Different from traditional IT environments, IoT IOT integration of electric power systems
devices usually execute in resource-constrained, revolutionized the conventional grid to the
heterogeneous, and physically accessible Smart Grid—a very sensitive, digitally
environments exposed to more attack threats. empowered, and data-centric system. The
Though the fundamental information system following are the benefits that identify how IoT
security objectives of confidentiality, integrity, makes grid management efficient, efficient, and
and availability (CIA) continue to apply, the interactive:
unique structure of IoT creates new threat
dimensions and raises the attack surface 4.1 Advanced Metering Infrastructure
considerably [12]. The application of IoT technologies makes it
The primary IoT cybersecurity issues are: possible to install Advanced Metering
1. Device Heterogeneity: Infrastructure, which automatically reads,
IoT systems are made up of a wide range of analyzes, and reports energy consumption.
devices possessing varying capabilities, Smart meters communicate with utility
architectures, and communication protocols. This companies in real-time, allowing for effective
heterogeneity complicates the application of billing, detection of outages, remote
global security standards to be implemented and disconnection/reconnection, and accurate
hinders interoperability as well as shared threat demand forecasting.
management.
2. Limited Processing Power and Memory: 4.2 Enhanced Reliability and Self-Healing
The majority of IoT devices are built with limited Ability
processing and storage capacity to reduce cost An intelligent grid based on IoT is self-repairing
and size. As a result, they lack the capability to in nature, i.e., faults are automatically sensed by
support conventional encryption algorithms, the network and it redesigns itself for the
secure boot processes, or intrusion detection restoration of normal operation. This minimizes
mechanisms. downtime due to internal faults or external
3. Firmware and Software Vulnerabilities: disturbances, thereby improving system
Due to poor or non-existent software patching reliability and toughness of the power
processes, the majority of IoT devices remain distribution network [6].
vulnerable to known exploits. Even where
updates are available, they are not applied by 4.3 Efficiency of Power Management
users. IoT devices support bi-directional exchange of
4. Lack of Standardization: power, which supports the consumer not just in
The absence of global standards for IoT device using power but also to supply power that is
security creates uneven application of security wasted in the process to the grid. With this facet
controls across manufacturers and platforms. combined with sources of energy that are green,
5. Data Privacy and Leakage Risks: such as solar or biogas, power sustainability and
IoT devices are constantly collecting, decentralization increase.
transmitting, and storing sensitive personal or
operational data. Without proper encryption and 5. Challenges
data governance procedures, the data can be Cybersecurity remains one of the largest and
intercepted or exploited. most complex challenges in the Internet of
6. Insecure Communication Channels: Things (IoT) domain. With so many connected
A number of these appliances send data over devices, IoT systems are highly vulnerable to
insecure wireless networks (e.g., Wi-Fi, Zigbee, different types of cyber attacks such as

IJMSRT25MAY066 www.ijmsrt.com 296

DOI: https://doi.org/10.5281/zenodo.15496886
Volume-3,Issue-5, May2025 International Journal of Modern Science and Technology
ISSN NO-2584-2706

espionage, data theft, sabotage, and ransomware. solutions that balance protection with energy
In a United States-based survey, 54% of efficiency reduction [6].
cyberattacks were on energy infrastructure,
which reflects the increased risk to critical 6. Future Direction in IoT Devices Security
infrastructure [10]. Research
The future of IoT device security is about to be
5.1 Key Security Challenges in IOT: revolutionized with the advancement of artificial
Three fundamental problems render it difficult intelligence (AI), machine learning (ML), and
to deploy effective security controls in IoT adaptive security solutions. As the spread of
systems [2]: connected devices expands to critical industries,
 Highly Distributed Environments: IoT security solutions that don't just detect but also
applications run on various and geographically anticipate and block threats in real-time are now
dispersed locations, and hence centralized imperative.
control and monitoring become difficult.
 Heterogeneous Devices: The heterogeneity of 6.1 Intelligent and Adaptive Device Security
smart devices with various architectures, The integration of deep learning, reinforcement
protocols, and operating systems makes learning, and neural network models into IoT
universal security enforcement difficult. devices is a revolutionary prospect. These
 Resource Limitations: Most IoT devices have intelligent systems can monitor behavioral
low power, processing, and memory capabilities, patterns, identify anomalies, and react to
which limits the application of conventional emerging threats in real-time. In future research,
security features [7]. these models will be integrated at the device level
Consequently, standard cybersecurity models do so that autonomous threat detection and self-
not function effectively in IoT landscapes and healing capabilities minimize human intervention.
need innovative strategies specific to the
peculiar nature of IoT systems. 6.2 Securing the Digital Evolution of Devices
The shift from analog to digital control systems in
5.2 Vulnerabilities in IOT-Based Virtual smart environments—energy, healthcare, and
Power Plant (VPP): industrial automation—has raised device
IoT-based Virtual Power Plants (VPPs) are functionality exponentially but also added new
especially vulnerable due to their hierarchical vulnerabilities. While digital systems provide
architecture based on Advanced Metering better monitoring and control, they also raise the
Infrastructure (AMI), SCADA systems, power attack surface. Future research will have to focus
monitoring equipment, and demand-response on creating security-focused embedded systems
units. The hierarchical architecture of such that are cyber-intrusion resilient, even under
systems offers various points of entry for constrained computational and power budgets.
intrusions. A single compromised node can
trigger cascading failures, resulting in system- Evolving Threat Environment for IoT Devices
wide outages. With escalating cyberattacks growing more
sophisticated and targeted, IoT devices must
Sensor Limitations: support an increasingly evolving threat
Several IoT sensors in the present generation environment. Legacy static security solutions no
lack features that are basic and essential like longer suffice. New security models must
situational intelligence, secure protocols of incorporate:
communication, and power efficiency [4]. They  Integration of real-time threat intelligence

are exposed to abuse and manipulation due to  Response mechanisms built into the device

these shortcomings. Additionally, low-power firmware

wireless networks, which are the standard for  Lightweight cryptography protocols for low-

many IoT installations, require high-end security power IoT devices

IJMSRT25MAY066 www.ijmsrt.com 297

DOI: https://doi.org/10.5281/zenodo.15496886
Volume-3,Issue-5, May2025 International Journal of Modern Science and Technology
ISSN NO-2584-2706

 Blockchain and decentralized trust to [1] Kenneth Kimani , Vitalice Oduol , Kibet
enhance device authentication and data integrity. Langat , Cyber Security Challenges for IoT-
based Smart Grid Networks, International
7. Conclusion Journal of Critical Infrastructure Protection
The Internet of Things (IoT) is the next frontier (2019)
in achieving global and ubiquitous connectivity [2] Lackner M, Markl E, Aburaia M (2018)
between heterogeneous communication and Cybersecurity Management for (Industrial)
computation-capable objects—regardless of Internet of Things: Challenges and
access technology, resource capabilities, or Opportunities. J Inform Tech Softw
geographical location. Of its many applications, [3] Vinothkumar Kolluru, Sudeep Mungara,
the smart grid represents the largest and most Advaitha Naidu Chintakunta International
visible IoT technology deployment. In this Journal on Cryptography and Information
domain, IoT-enabled devices are strategically Security (IJCIS), Vol. 9, No.1/2, June 2019
located along the energy chain—from [4] Samuel Tweneboah-Koduah1 • Knud Erik
generation to end-users—offering real-time Skouby1 • Reza Tadayoni1 Cyber Security
control, monitoring, and optimization of grid Threats to IoT Applications and Service
components. Domains Springer Science+Business Media
In this study, the challenges and developments New York 2017.
in the security of the IoT ecosystem have been [5] Olukunle Oladipupo Amoo 1, Femi Osasona
examined with specific emphasis on intrusion 2 Cybersecurity threats in the age of IoT: A
detection systems (IDS) and privacy of data. review of protective measures Received on 26
Working through datasets like UNSW-NB15 and December 2023; revised on 03 February 2024.
using machine learning, we demonstrated how [6] Sampath Kumar Venkatachary, Jagdish
smart security systems enhance detection rates Prasad, Ravi Samikannu, Annamalai Alagappan
and response times in IoT networks. & Leo John Baptist Andrews (2020)
The dynamic behavior and complexity of critical Cybersecurity infrastructure challenges in IoT
infrastructure, arising from the integration of based virtual power plants, Journal of Statistics
optical fiber communications, power line and Management Systems
carriers, wireless modules, and dedicated cables, [7] Arif Ali Mughal Cybersecurity Hygiene in
have introduced new cyber vulnerabilities. The the Era of Internet of Things (IoT): Best
current paper reviewed the extensive effects of Practices and Challenges 2019.
cyberattacks on critical infrastructures, [8] Jianli Pan , Zhicheng Yang Cybersecurity
particularly the energy sector, and highlighted Challenges and Opportunities in the New “Edge
their ill effects on the operation of the grid. Computing + IoT” World.
Finally, IoT technologies vastly improve the [9] Akwetey Henry Matey, 2Paul Danquah,
functionality of smart grids, enabling never- 1Godfred Yaw Koi-Akrofi and 1 Isaac
before levels of visibility and control. However, Asampana CRITICAL INFRASTRUCTURE
to lead them to their full capability, it is essential CYBERSECURITY CHALLENGES: IOT IN
that security vulnerabilities must be treated PERSPECTIVE nternational Journal of Network
preventively at the design, implementation, and Security & Its Applications (IJNSA) Vol.13,
integration phases of IoT systems—especially No.4, July 2021
within mission-critical sectors such as energy. It [10] Mariya Ouaissa1 , Mariyam Ouaissa1
is essential to constantly carry out research and Cyber Security Issues for IoT based Smart Grid
engage with professionals to ensure that the IoT Infrastructure RESGEVT 2020 IOP Conf.
environment remains secure, robust, and Series: Materials Science and Engineering 937
trustworthy as ever against emerging cyber- (2020) 012001 IOP Publishing
attacks. [11] Eli Ratih Rahayu , Ariesya Aprillia , Ramzi
Zainum Ikhsan Cybersecurity in the Age of IoT
8. References and Developing Frameworks for Securing Smart
Devices and Networks Journal of Computer

IJMSRT25MAY066 www.ijmsrt.com 298

DOI: https://doi.org/10.5281/zenodo.15496886
Volume-3,Issue-5, May2025 International Journal of Modern Science and Technology
ISSN NO-2584-2706

Science and Technology Application

(CORISINTA) Vol. 2, No. 1, 2025
[12] Elias Yasar Akyol, “Barriers of Adopting
Progressive Web Applications – A Qualitative
Study Focusing on the Swedish Context”,
Spring 2023: MAGI02.

IJMSRT25MAY066 www.ijmsrt.com 299

DOI: https://doi.org/10.5281/zenodo.15496886