
  • Review Article

Cybersecurity vulnerabilities in IoT devices

Abstract

The Internet of Things (IoT) encompasses a network of devices equipped with sensing, computing and actuating capabilities, leading to a surge in cybersecurity vulnerabilities that threaten personal security and public safety. Addressing vulnerabilities is essential for ensuring IoT security. In this Review, we provide a comprehensive overview of IoT device vulnerabilities and countermeasures, contrasting their characteristics with traditional computer vulnerabilities. We highlight that IoT device vulnerabilities are often complex and have far-reaching implications, owing to their deep integration with the physical and cyber domains. We propose a new taxonomy that categorizes IoT device vulnerabilities into in-band and out-of-band classifications, emphasizing emerging out-of-band vulnerabilities. We discuss advancements in vulnerability management technologies, including identification, assessment, remediation and mitigation. Our analysis highlights the need to extend beyond cyber-centric security paradigms to incorporate countermeasures that address cyber–physical interactions. We conclude by outlining future research directions, including generalizable vulnerability models, scalable identification pipelines, secure-by-design architectures and resilience for emerging systems.
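The out-of-band class in the taxonomy above covers vulnerabilities in the conversion of a physical signal into digital information, where a sensor reports values that no genuine physical stimulus produced. The Python block below is an added illustration written for this page, not code from the Review or its authors: it applies three physical-plausibility checks (range, rate of change, and agreement with a redundant sensor that observes the same quantity through a different transducer) to two constructed, sample-aligned readings. The sensor values, the thresholds and the function name `detect_oob_injection` are all assumptions.

```python
"""Constructed example: flagging out-of-band sensor injection by checking the
physical plausibility of a reading and its consistency with a redundant sensor.
All sample values and thresholds below are invented for illustration; they are
not taken from any standard, data sheet or from the Review."""
from dataclasses import dataclass
from typing import List


@dataclass
class Flag:
    index: int    # position of the suspicious sample in the stream
    reason: str   # which plausibility rule it violated


def detect_oob_injection(primary: List[float], redundant: List[float],
                         max_abs: float = 4.0, max_slew: float = 0.5,
                         max_disagreement: float = 0.3) -> List[Flag]:
    """Return one Flag per sample of `primary` that violates a plausibility rule.

    primary / redundant: aligned samples (here acceleration in g, constructed)
        from two sensors that measure the same physical quantity.
    max_abs: largest magnitude the measured phenomenon can physically reach (assumed).
    max_slew: largest change between consecutive samples the phenomenon can
        produce; an injected signal coupled after the transducer need not obey it (assumed).
    max_disagreement: tolerance between two calibrated sensors (assumed).
    Each sample receives at most one reason, checked in the order below.
    """
    if len(primary) != len(redundant):
        raise ValueError("sensor streams must be sample-aligned")
    flags: List[Flag] = []
    for i, (p, r) in enumerate(zip(primary, redundant)):
        if abs(p) > max_abs:
            # A converted value outside what the sensed quantity can reach.
            flags.append(Flag(i, "out_of_range"))
        elif i > 0 and abs(p - primary[i - 1]) > max_slew:
            # A jump faster than any physical process the sensor is meant to observe.
            flags.append(Flag(i, "slew_violation"))
        elif abs(p - r) > max_disagreement:
            # Only one of two independent transducers sees the change.
            flags.append(Flag(i, "cross_sensor_mismatch"))
    return flags


def build_sample_streams():
    """Constructed data: a device at rest reads about 1 g on both sensors; the
    primary stream then carries an oscillation the redundant sensor does not see
    (indices 6-9) and finally a saturated, impossible value (index 11)."""
    primary = [1.00, 1.01, 0.99, 1.00, 1.02, 0.98, 1.40, 0.60, 1.40, 0.60, 1.00, 9.50]
    redundant = [1.00, 1.00, 1.00, 1.01, 1.00, 0.99, 1.00, 1.00, 1.01, 1.00, 1.00, 1.00]
    return primary, redundant


def flagged_indices() -> List[int]:
    """Convenience: indices flagged on the constructed streams."""
    primary, redundant = build_sample_streams()
    return [f.index for f in detect_oob_injection(primary, redundant)]


if __name__ == "__main__":
    p, r = build_sample_streams()
    for flag in detect_oob_injection(p, r):
        print(f"sample {flag.index}: {flag.reason}")
```

The three rules are deliberately independent of the attack vector: whether the spurious reading came from acoustics, light or electromagnetic coupling, the digital side only sees a value that the physical quantity could not have produced, so checks on the physics (range, slew, redundancy) are what a device can apply after conversion.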

Key points

  • The characteristics of Internet of Things (IoT) devices differentiate their cybersecurity vulnerabilities from those of traditional computers, bringing new challenges to addressing vulnerabilities in the IoT era.

  • The emerging out-of-band vulnerabilities in IoT devices pose risks arising from anomalous conversion between physical signals and cyber information, and call for researchers' attention to address such vulnerabilities.

  • It is essential to integrate a complete vulnerability management life cycle involving identification, assessment, remediation and mitigation, with an emphasis on building IoT vulnerability databases as the cornerstone.

  • Vulnerability identification is evolving to address emerging and varying IoT vulnerabilities by integrating artificial intelligence technologies and targeting the signal-information conversion of IoT devices.

  • Threats to IoT devices increasingly involve the simultaneous exploitation of multiple vulnerabilities. Remediation and mitigation must not only balance security and usability but also address the challenges of concurrent vulnerability exploitation.
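As an added illustration of the life cycle named in the key points (not code from the Review or its authors), the Python block below keeps a small in-memory vulnerability database and walks each record through identification, assessment, and then remediation or mitigation. The assessment step raises a device's score when unresolved in-band and out-of-band findings coexist on it, which is one way to model the concurrent exploitation the last key point describes. The record ids (`VULN-A1` and so on), device names, severity scale, chain bonus and class names are constructed assumptions, and the usability cost of a mitigation is not modelled.

```python
"""Constructed walk-through of the identification -> assessment -> remediation /
mitigation life cycle over a small in-memory IoT vulnerability database.
Ids, device names, severities and the scoring rule are invented for
illustration and are not from the Review or from any real database."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class VulnRecord:
    vuln_id: str          # constructed placeholder, not a real CVE id
    device: str           # constructed device name
    band: str             # "in-band" (cyber) or "out-of-band" (signal-to-information conversion)
    severity: float       # 0-10, assumed scale
    patch_available: bool # True when a firmware fix exists (remediation possible)
    mitigation: str       # compensating control to apply when no fix exists
    status: str = "identified"


class VulnDatabase:
    """The database is the cornerstone: every later stage reads and updates it."""

    def __init__(self) -> None:
        self.records: Dict[str, VulnRecord] = {}

    def identify(self, rec: VulnRecord) -> None:
        """Identification stage: record each finding exactly once."""
        if rec.vuln_id in self.records:
            raise ValueError(f"duplicate record {rec.vuln_id}")
        self.records[rec.vuln_id] = rec

    def assess(self, chain_bonus: float = 2.0) -> Dict[str, float]:
        """Assessment stage: score each device, not each finding in isolation.
        Assumed rule: when a device carries unresolved findings in both bands
        (e.g. a physical-signal injection next to a cyber-side flaw), they are
        treated as a concurrent-exploitation chain and the score is raised."""
        per_device: Dict[str, List[VulnRecord]] = {}
        for rec in self.records.values():
            if rec.status in ("identified", "assessed"):
                per_device.setdefault(rec.device, []).append(rec)
        scores: Dict[str, float] = {}
        for device, recs in per_device.items():
            score = max(r.severity for r in recs)
            if len(recs) > 1 and len({r.band for r in recs}) > 1:
                score = min(10.0, score + chain_bonus)
            scores[device] = score
            for r in recs:
                r.status = "assessed"
        return scores

    def plan(self) -> List[Tuple[str, str, str]]:
        """Remediation / mitigation stage: patch where a fix exists, otherwise
        apply the compensating control. Returns (vuln_id, action, detail)
        ordered by device score, then by severity."""
        scores = self.assess()
        ordered = sorted(self.records.values(),
                         key=lambda r: (-scores.get(r.device, 0.0), -r.severity, r.vuln_id))
        actions: List[Tuple[str, str, str]] = []
        for r in ordered:
            if r.status != "assessed":
                continue
            if r.patch_available:
                r.status = "remediated"
                actions.append((r.vuln_id, "remediate", "apply vendor firmware update"))
            else:
                r.status = "mitigated"
                actions.append((r.vuln_id, "mitigate", r.mitigation))
        return actions


def build_sample_db() -> VulnDatabase:
    """Constructed findings: one device with a cross-band pair, two with single findings."""
    db = VulnDatabase()
    db.identify(VulnRecord("VULN-A1", "smart-speaker", "out-of-band", 6.5, False,
                           "enable cross-sensor consistency check on microphone input"))
    db.identify(VulnRecord("VULN-A2", "smart-speaker", "in-band", 7.0, True, ""))
    db.identify(VulnRecord("VULN-B1", "ip-camera", "in-band", 8.0, True, ""))
    db.identify(VulnRecord("VULN-C1", "door-sensor", "out-of-band", 3.0, False,
                           "add shielding and filtering on the sensor signal path"))
    return db


if __name__ == "__main__":
    for vuln_id, action, detail in build_sample_db().plan():
        print(f"{vuln_id}: {action} ({detail})")
```

On the constructed data the smart speaker's highest single finding (7.0) is below the camera's (8.0), yet the speaker is handled first because its in-band and out-of-band findings together score 9.0; that ordering is the practical consequence of assessing devices rather than isolated findings.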


Fig. 1: Representation of the integration of the physical and cyber components of Internet of Things devices.
Fig. 2: Evolution of Internet of Things security breaches.
Fig. 3: A taxonomy and examples of common in-band and out-of-band vulnerabilities.
Fig. 4: A workflow of Internet of Things vulnerability management.


  35. Neshenko, N., Bou-Harb, E., Crichigno, J., Kaddoum, G. & Ghani, N. Demystifying IoT security: an exhaustive survey on IoT vulnerabilities and a first empirical look on Internet-scale IoT exploitations. IEEE Commun. Surv. Tutor. 21, 2702–2733 (2019).

    Article  Google Scholar 

  36. Cheng, K. et al. Detecting vulnerabilities in Linux-based embedded firmware with SSE-based on-demand alias analysis. In Proc. 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis 360–372 (ACM, 2023); https://doi.org/10.1145/3597926.3598062.

  37. Gibbs, W. et al. Operation Mango: scalable discovery of taint-style vulnerabilities in binary firmware services. In Proc. 33rd USENIX Security Symposium 7123–7139 (USENIX Association, 2024).

  38. Ahmad, B. et al. Don’t sweat it: toward CWE analysis techniques in early stages of hardware design. In Proc. 41st IEEE/ACM International Conference on Computer-Aided Design https://doi.org/10.1145/3508352.3549369 (IEEE, 2022).

  39. Meng, X., Kundu, S., Kanuparthi, A. K. & Basu, K. RTL-ConTest: concolic testing on RTL for detecting security vulnerabilities. IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst. 41, 466–477 (2022).

    Article  Google Scholar 

  40. Redini, N. et al. KARONTE: detecting insecure multi-binary interactions in embedded firmware. In Proc. 2020 IEEE Symposium on Security and Privacy. https://doi.org/10.1109/SP40000.2020.00036 (IEEE, 2020).

  41. Chen, L. et al. Sharing more and checking less: leveraging common input keywords to detect bugs in embedded systems. In Proc. 30th USENIX Security Symposium 303–319 (USENIX Association, 2021).

  42. Zhou, Y. et al. Multi-misconfiguration diagnosis via identifying correlated configuration parameters. IEEE Trans. Softw. Eng. 49, 4624–4638 (2023).

    Article  Google Scholar 

  43. Clements, A. A. et al. HALucinator: firmware re-hosting through abstraction layer emulation. In Proc. 29th USENIX Security Symposium 1201–1218 (USENIX Association, 2020).

  44. Johnson, E. et al. Jetset: targeted firmware rehosting for embedded systems. In Proc. 30th USENIX Security Symposium 321–338 (USENIX Association, 2021).

  45. Wright, C., Moeglein, W. A., Bagchi, S., Kulkarni, M. & Clements, A. A. Challenges in firmware re-hosting, emulation, and analysis. ACM Comput. Surv. 54, 1–36 (2022). This article provides an end-to-end guide to the practitioner for firmware re-hosting, summarizing common challenges, explaining successive steps and surveying common tools used to overcome these challenges.

    Article  Google Scholar 

  46. Mera, A., Liu, C., Sun, R., Kirda, E. & Lu, L. SHiFT: semi-hosted fuzz testing for embedded applications. In Proc. 33rd USENIX Security Symposium 5323–5340 (USENIX Association, 2024).

  47. Xu, Z., Huang, W., Fan, W. & Cheng, Y. FIoTFuzzer: response-based black-box fuzzing for IoT devices. In Proc. 2022 IEEE/ACIS 22nd International Conference on Computer and Information Science 239–244 (IEEE, 2022); https://doi.org/10.1109/ICIS54925.2022.9882418.

  48. Scharnowski, T. et al. Fuzzware: using precise MMIO modeling for effective firmware fuzzing. In Proc. 31st USENIX Security Symposium 1239–1256 (USENIX Association, 2022).

  49. Hasanov, S., Nagy, S. & Gazzillo, P. A little goes a long way: tuning configuration selection for continuous kernel fuzzing. In Proc. 2025 IEEE/ACM 47th International Conference on Software Engineering 795–807 (IEEE, 2025); https://doi.org/10.1109/ICSE55339.2025.00117.

  50. Tempel, S., Herdt, V. & Drechsler, R. Specification-based symbolic execution for stateful network protocol implementations in IoT. IEEE Internet Things J. 10, 9544–9555 (2023).

    Article  Google Scholar 

  51. Li, J. et al. ECFuzz: effective configuration fuzzing for large-scale systems. In Proc. 46th IEEE/ACM International Conference on Software Engineering 48:1–48:12 (IEEE, 2024); https://doi.org/10.1145/3597503.3623315.

  52. Le, H. M., Große, D., Bruns, N. & Drechsler, R. Detection of Hardware Trojans in SystemC HLS designs via coverage-guided fuzzing. In Proc. 2019 Design, Automation & Test in Europe Conference & Exhibition 602–605 (IEEE, 2019); https://doi.org/10.23919/DATE.2019.8715068.

  53. Salvi, S. S. & Jain, A. Detection of unusual thermal activities in a semiconductor chip using backside infrared thermal imaging. J. Elect. Packaging 143, 020901 (2021).

    Article  Google Scholar 

  54. Ashok, M., Turner, M. J., Walsworth, R. L., Levine, E. V. & Chandrakasan, A. P. Hardware Trojan detection using unsupervised deep learning on quantum diamond microscope magnetic field images. ACM J. Emerg. Technol. Comput. Syst. 18, 1–25 (2022).

    Article  Google Scholar 

  55. Tang, N. et al. Hardware Trojan detection method based on the frequency domain characteristics of power consumption. In Proc. 2020 13th International Symposium on Computational Intelligence and Design 410–413 (IEEE, 2020); https://doi.org/10.1109/ISCID51228.2020.00099.

  56. Yan, C. et al. Sok: a minimalist approach to formalizing analog sensor security. In Proc. 2020 IEEE Symposium on Security and Privacy 233–248 (IEEE, 2020); https://doi.org/10.1109/SP40000.2020.00026. This article systematizes knowledge of attacks exploiting cross-field input and out-of-range input vulnerabilities of sensors.

  57. Nassi, B. et al. Video-based cryptanalysis: extracting cryptographic keys from video footage of a device’s power LED captured by standard video cameras. In Proc. 2024 IEEE Symposium on Security and Privacy 2422–2440 (IEEE, 2024); https://doi.org/10.1109/SP54263.2024.00163.

  58. Genkin, D., Nissan, N., Schuster, R. & Tromer, E. Lend me your ear: passive remote physical side channels on PCs. In Proc. 31st USENIX Security Symposium 4437–4454 (USENIX Association, 2022).

  59. Nahiyan, A. et al. Script: a CAD framework for power side-channel vulnerability assessment using information flow tracking and pattern generation. ACM Trans. Des. Autom. Electr. Syst. 25, 1–27 (2020).

    Article  Google Scholar 

  60. Yao, Y., Kathuria, T., Ege, B. & Schaumont, P. Architecture correlation analysis (ACA): identifying the source of side-channel leakage at gate-level. In Proc. 2020 IEEE International Symposium on Hardware Oriented Security and Trust 188–196 (IEEE, 2020); https://doi.org/10.1109/HOST45689.2020.9300277.

  61. Slpsk, P., Vairam, P. K., Rebeiro, C. & Kamakoti, V. Karna: a gate-sizing based security aware EDA flow for improved power side-channel attack protection. In Proc. 2019 IEEE/ACM International Conference on Computer-Aided Design https://doi.org/10.1109/ICCAD45719.2019.8942173 (IEEE, 2019).

  62. Muhammad Arsath, K. F., Ganesan, V., Bodduna, R. & Rebeiro, C. PARAM: a microprocessor hardened for power side-channel attack resistance. In Proc. 2020 IEEE International Symposium on Hardware Oriented Security and Trust 23–34 (IEEE, 2020); https://doi.org/10.1109/HOST45689.2020.9300263.

  63. Lakshmy, A., Rebeiro, C. & Bhunia, S. Fortify: analytical pre-silicon side-channel characterization of digital designs. In Proc. 2022 27th Asia and South Pacific Design Automation Conference 660–665 (IEEE, 2022); https://doi.org/10.1109/ASP-DAC52403.2022.9712551.

  64. Aljuffri, A., Saxena, M., Reinbrecht, C., Hamdioui, S. & Taouil, M. A pre-silicon power leakage assessment based on generative adversarial networks. In Proc. 2023 26th Euromicro Conference on Digital System Design 87–94 (IEEE, 2023); https://doi.org/10.1109/DSD59382.2023.00022.

  65. Althoff, A., Blackstone, J. & Kastner, R. Holistic power side-channel leakage assessment: towards a robust multidimensional metric. In Proc. 2019 IEEE/ACM International Conference on Computer-Aided Design https://doi.org/10.1109/ICCAD45719.2019.8942143 (ACM, 2019).

  66. Duan, X. et al. Automated security assessment for the Internet of Things. In Proc. 2021 IEEE 26th Pacific Rim International Symposium on Dependable Computing 47–56 (IEEE, 2021).

  67. Rizvi, S., Williams, I. & Campbell, S. TUI model for data privacy assessment in IoT networks. Internet Things 17, 100465 (2022).

    Article  Google Scholar 

  68. Rashed, M., Kamruzzaman, J., Gondal, I. & Islam, S. Vulnerability assessment framework for a smart grid. In Proc. 2022 4th Global Power, Energy and Communication Conference 449–454 (IEEE, 2022); https://doi.org/10.1109/GPECOM55404.2022.9815621.

  69. Yiğit, B., Gür, G., Alagöz, F. & Tellenbach, B. Cost-aware securing of IoT systems using attack graphs. Ad Hoc Netw. 86, 23–35 (2019).

    Article  Google Scholar 

  70. Ur-Rehman, A., Gondal, I., Kamruzzaman, J. & Jolfaei, A. Vulnerability modelling for hybrid industrial control system networks: vulnerability modelling for hybrid industrial control system networks. J. Grid Comput. 18, 863–878 (2020).

    Article  Google Scholar 

  71. Biondi, P., Bognanni, S. & Bella, G. Vulnerability assessment and penetration testing on IP camera. In Proc. 2021 8th International Conference on Internet of Things: Systems, Management and Security https://doi.org/10.1109/IOTSMS53705.2021.9704890 (IEEE, 2021).

  72. Yadav, G., Paul, K., Allakany, A. & Okamura, K. IoT-PEN: an E2E penetration testing framework for IoT. J. Inf. Process. 28, 633–642 (2020).

    Google Scholar 

  73. Stellios, I., Kotzanikolaou, P. & Grigoriadis, C. Assessing IoT enabled cyber–physical attack paths against critical systems. Comput. Secur. 107, 102316 (2021).

    Article  Google Scholar 

  74. Sharma, K. & Ghose, M. Wireless sensor networks: an overview on its security threats. IJCA Spec. Issue Mobile Ad-hoc Networks MANETs 1495, 42–45 (2010).

    Google Scholar 

  75. Naveenkumar, R. & Sivamangai, N. Hardware Trojans detection and prevention techniques review. Wirel. Pers. Commun. 136, 1147–1182 (2024).

    Article  Google Scholar 

  76. Godfrey, M. & Zulkernine, M. Preventing cache-based side-channel attacks in a cloud environment. IEEE Trans. Cloud Comput. 2, 395–408 (2014).

    Article  Google Scholar 

  77. Kaplan, D., Powell, J. & Woller, T. AMD memory encryption. White Paper. AMD https://docs.amd.com/v/u/en-US/memory-encryption-white-paper (2021).

  78. Cheng, X. et al. SpecLFB: eliminating cache side channels in speculative executions. In Proc. 33rd USENIX Security Symposium 631–646 (USENIX Association, 2024). The article addresses cache side-channel vulnerabilities arising from speculative execution in processors and proposes a solution that redesigns the speculative execution processes so that they do not generate exploitable cache side channels.

  79. Alves, T. & Felton, D. TrustZone: integrated hardware and software security. ARM White Paper. TOL https://www.techonline.com/tech-papers/trustzone-integrated-hardware-and-software-security/ (2004).

  80. Fang, K. & Yan, G. IoTReplay: troubleshooting COTS IoT devices with record and replay. In Proc. 2020 IEEE/ACM Symposium on Edge Computing 193–205 (IEEE, 2020); https://doi.org/10.1109/SEC50012.2020.00033.

  81. Rajput, P. H. N., Doumanidis, C. & Maniatakos, M. ICSPatch: automated vulnerability localization and non-intrusive hotpatching in industrial control systems using data dependence graphs. In Proc. 32nd USENIX Security Symposium 6861–6876 (USENIX Association, 2023).

  82. Le Goues, C., Pradel, M., Roychoudhury, A. & Chandra, S. Automatic program repair. IEEE Softw. 38, 22–27 (2021).

    Article  Google Scholar 

  83. Wang, J. et al. Software testing with large language models: survey, landscape, and vision. IEEE Trans. Softw. Eng. 50, 911–936 (2024).

    Article  Google Scholar 

  84. Memon, Z. & Saini, I. A comparative survey of blockchain-based security mechanisms for OTA updates in CAVs. In Proc. 2024 IEEE/ACM 17th International Conference on Utility and Cloud Computing 423–428 (IEEE, 2024); https://doi.org/10.1109/UCC63386.2024.00065.

  85. Li, K., Baird, C. & Lin, D. Defend data poisoning attacks on voice authentication. IEEE Trans. Depend. Secure Comput. 21, 1754–1769 (2023).

    Article  Google Scholar 

  86. Ferrari, C., Becattini, F., Galteri, L. & Bimbo, A. D. (Compress and restore) N: a robust defense against adversarial attacks on image classification. ACM Trans. Multim. Comput. Commun. Appl. 19, 1–16 (2023).

    Article  Google Scholar 

  87. Li, X. et al. Safeear: content privacy-preserving audio deepfake detection. In Proc. 2024 ACM SIGSAC Conference on Computer and Communications Security 3585–3599 (ACM, 2024); https://doi.org/10.1145/3658644.3670285.

  88. Greene, K. et al. Timestamp-based defense mechanism against replay attack in remote keyless entry systems. In Proc. 2020 IEEE International Conference on Consumer Electronics https://doi.org/10.1109/ICCE46568.2020.9043039 (IEEE, 2020).

  89. Zhou, R. et al. DeHiREC: detecting hidden voice recorders via ADC electromagnetic radiation. in Proc. 2023 IEEE Symposium on Security and Privacy 3113–3128 (IEEE, 2023); https://doi.org/10.1109/SP46215.2023.10179480.

  90. Gao, M. et al. Device-independent smartphone eavesdropping jointly using accelerometer and gyroscope. IEEE Trans. Depend. Secur. Comput. 20, 3144–3157 (2022).

    Article  Google Scholar 

  91. Li, X. et al. Inaudible adversarial perturbation: manipulating the recognition of user speech in real time. Preprint at https://doi.org/10.48550/arxiv.2308.01040 (2024).

  92. Li, X. et al. Enrollment-stage backdoor attacks on speaker recognition systems via adversarial ultrasound. IEEE Internet Things J. 11, 13108–13124 (2023).

    Article  Google Scholar 

  93. Bolton, C. et al. Blue note: how intentional acoustic interference damages availability and integrity in hard disk drives and operating systems. In Proc. 2018 IEEE Symposium on Security and Privacy 1048–1062 (IEEE, 2018); https://doi.org/10.1109/SP.2018.00050.

  94. Wei, L. et al. The recent progress of MEMS/NEMS resonators. Micromachines 12, 724 (2021).

    Article  Google Scholar 

  95. Krolák, D. & Horskỳ, P. An EMI susceptibility improved, wide temperature range bandgap voltage reference. IEEE Trans. Electromagn. Compat. 66, 801–808 (2024).

    Article  Google Scholar 

  96. Bona, C. & Fiori, F. L. A new filtering technique that makes power transistors immune to EMI. IEEE Trans. Power Electron. 26, 2946–2955 (2010).

    Article  Google Scholar 

  97. Trippel, T., Weisse, O., Xu, W., Honeyman, P. & Fu, K. WALNUT: waging doubt on the integrity of MEMS accelerometers with acoustic injection attacks. In Proc. 2017 IEEE European Symposium on Security and Privacy 3–18 (IEEE, 2017); https://doi.org/10.1109/EuroSP.2017.42.

  98. Sivanathan, A. et al. Classifying IoT devices in smart environments using network traffic characteristics. IEEE Trans. Mob. 18, 1745–1759 (2018).

    Google Scholar 

  99. Awwad, A. A. An adaptive context-aware authentication system on smartphones using machine learning. Int. J. Saf. Secur. Eng. 13, 903–915 (2023).

    MathSciNet  Google Scholar 

  100. He, W. et al. Rethinking access control and authentication for the home internet of things. In Proc. 27th USENIX Security Symposium 255–272 (USENIX Association, 2018).

  101. Fernandes, E. et al. FlowFence: practical data protection for emerging IoT application frameworks. In Proc. 25th USENIX Security Symposium 531–548 (USENIX Association, 2016).

  102. Jia, Y. J. et al. ContexloT: towards providing contextual integrity to appified IoT platforms. NDSS https://doi.org/10.14722/NDSS.2017.23051 (2017).

  103. Yang, Y., Huang, X., Li, J. & Sun, J. S. BubbleMap: privilege mapping for behavior-based implicit authentication systems. IEEE Trans. Mob. 22, 4548–4562 (2022).

    Google Scholar 

  104. Rao, V. & Prema, K. A review on lightweight cryptography for Internet-of-Things based applications. J. Ambient. Intell. Humaniz. Comput. 12, 8835–8857 (2021).

    Article  Google Scholar 

  105. Dworkin, M. J. et al. SHA-3 standard: permutation-based hash and extendable-output functions. NIST https://doi.org/10.6028/NIST.FIPS.202 (2015).

  106. Gugueoth, V., Safavat, S., Shetty, S. & Rawat, D. A review of IoT security and privacy using decentralized blockchain techniques. Comput. Sci. Rev. 50, 100585 (2023).

    Article  Google Scholar 

  107. Alyami, M., Alghamdi, A., Alkhowaiter, M. A., Zou, C. & Solihin, Y. Random segmentation: new traffic obfuscation against packet-size-based side-channel attacks. Electronics 12, 3816 (2023).

    Article  Google Scholar 

  108. Boyaci, O. et al. Graph neural networks-based detection of stealth false data injection attacks in smart grids. IEEE Syst. J. 16, 2946–2957 (2021).

    Article  Google Scholar 

  109. Kwon, H.-Y., Kim, T. & Lee, M.-K. Advanced intrusion detection combining signature-based and behavior-based detection methods. Electronics 11, 867 (2022).

    Article  Google Scholar 

  110. Almohri, H. M., Watson, L. T. & Evans, D. An attack-resilient architecture for the Internet of Things. IEEE Trans. Inf. Forensics Secur. 15, 3940–3954 (2020).

    Google Scholar 

  111. Gubbi, K. I. et al. Hardware Trojan detection using machine learning: a tutorial. ACM Trans. Embed. Comput. Syst. 22, 1–26 (2023).

    Article  Google Scholar 

  112. Zhang, Y. & Rasmussen, K. Detection of electromagnetic interference attacks on sensor systems. In Proc. 2020 IEEE Symposium on Security and Privacy 203–216 (IEEE, 2020); https://doi.org/10.1109/SP40000.2020.00001.

  113. Singh, S., Sharma, P. K., Moon, S. Y. & Park, J. H. Advanced lightweight encryption algorithms for IoT devices: survey, challenges and solutions. J. Ambient. Intell. Humaniz. Comput. 15, 1625–1642 (2024). This article reviews lightweight cryptographic primitives for IoT environments, analysing algorithms on the basis of key size, block size and performance, and proposes a security scheme to address challenges in resource-constrained IoT devices.

    Article  Google Scholar 

  114. Zhuang, Y. et al. Multi-sensor integrated navigation/positioning systems using data fusion: from analytics-based to learning-based approaches. Inf. Fusion 95, 62–90 (2023).

    Article  Google Scholar 

  115. Giechaskiel, I., Zhang, Y. & Rasmussen, K. B. A framework for evaluating security in the presence of signal injection attacks. In Proc. European Symposium on Research in Computer Security 512–532 (Springer, 2019); https://doi.org/10.1007/978-3-030-29959-0_25.

  116. Yan, C. et al. The feasibility of injecting inaudible voice commands to voice assistants. IEEE Trans. Depend. Secur. Comput. 18, 1108–1124 (2019).

    Google Scholar 


Author information


Contributions

Q.J., K.W., X.W. and X.L. researched data for the Review. C.Y., X.J., Q.J., W.Z., S.X. and W.X. contributed substantially to the discussion of the content. C.Y., Q.J., K.W., X.W., W.Z. and X.L. wrote the article. C.Y., X.J. and W.X. reviewed and edited the manuscript before submission.

Corresponding author

Correspondence to Wenyuan Xu.

Ethics declarations

Competing interests

The authors declare no competing interests.

Peer review

Peer review information

Nature Reviews Electrical Engineering thanks Bo Luo and the other, anonymous, reviewer(s) for their contribution to the peer review of this work.

Additional information

Publisher’s note Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Related links

40 widely employed IoT protocols: https://www.emnify.com/iot-glossary/guide-iot-protocols

100 popular IoT manufacturers: https://www.iotone.com/iotone100

300 million cyberattacks: https://deepstrike.io/blog/iot-hacking-statistics

BlackEnergy malware: https://www.cisa.gov/news-events/ics-alerts/ir-alert-h-16-056-01

Common Vulnerabilities and Exposures database: https://cve.mitre.org

Common Vulnerability Scoring System: https://www.first.org/cvss/v3-1/cvss-v31-specification_r1.pdf

Creeper worm: https://www.exabeam.com/blog/infosec-trends/creeper-the-worlds-first-computer-virus

Differential Power Analysis Workstation: https://www.rambus.com/security/dpa-countermeasures

Hack of a connected vehicle: https://fractionalciso.com/the-groundbreaking-2015-jeep-hack-changed-automotive-cybersecurity

Hackers accessing a Las Vegas casino: https://www.forbes.com/sites/leemathews/2017/07/27/criminals-hacked-a-fish-tank-to-steal-data-from-a-casino

Introduction of IoT: https://www.dataversity.net/articles/brief-history-internet-things

IoT device security market: https://intersog.com/blog/development/iot-security-statistics

MITRE: https://cve.mitre.org/

Nessus: https://www.tenable.com/products

Number of IoT devices: https://www.statista.com/statistics/1183457/iot-connected-devices-worldwide

Proportion of vulnerable IoT devices: https://www.infosecurity-magazine.com/news/iot-vulnerabilities-entry-point

Software vulnerabilities date back to 1965: https://online.maryville.edu/blog/history-of-cybersecurity

Stuxnet malware: https://en.wikipedia.org/wiki/Stuxnet

Verkada attack: https://www.cm-alliance.com/cybersecurity-blog/iot-security-5-cyber-attacks-caused-by-iot-security-vulnerabilities

Vulnerabilities: https://csrc.nist.gov/glossary/term/vulnerability

Vulnerability and attack repository for IoT: https://www.variotdbs.pl/vulns

Glossary

Buffer overflows

A software vulnerability that occurs when excess data overwrite adjacent memory, potentially allowing attackers to hijack control flow and execute arbitrary code.

Central processing unit

(CPU). The primary processor in a given computer.

Cyber domain

The digital environment that consists of network protocols, software applications and data logic.

Dynamic analysis

The identification of vulnerabilities by actively executing a device’s firmware and observing its behaviour within a test environment.

Dynamic random access memory

(DRAM). A type of random access semiconductor memory that stores each bit of data in a memory cell.

Graph-based frameworks

The visual representation of network topology used to assess how multiple vulnerabilities interact, propagate and chain to form potential attack paths across an IoT system.

Hardware Trojan

A malicious hardware modification that embeds a hidden backdoor, which can be triggered under specific conditions to manipulate device behaviour.

In-band vulnerabilities

Vulnerabilities that originate solely in the physical domain or cyber domain.

Keystroke vibration signals

Mechanical vibrations generated by key presses on a keyboard or input device that propagate through surfaces.

LiDARs

Light detection and ranging, a remote-sensing technology using pulsed laser light to measure distances and build 3D environmental representations.

Obfuscation

A technique that deliberately introduces noise, randomness or complexity into signals, data or system behaviour to prevent unauthorized parties from extracting meaningful information.

Out-of-band vulnerabilities

Vulnerabilities that originate from the anomalous signal-information conversion between the physical and cyber domains.

Over-the-air updates

An update to the firmware of an IoT device that is delivered through a wireless network, such as Wi-Fi or a cellular network.

Patching

An update released to fix vulnerabilities or improve a system.

Probing

Direct injection or extraction of internal electrical signals by physically accessing cables and wires.

Physical domain

The tangible, material environment in which IoT devices operate.

Solid-state drives

A non-volatile data storage device that uses integrated circuit assemblies, typically flash memory, to store data without moving mechanical parts.

Static analysis

The automated examination of embedded firmware or hardware design without executing the device.

Vulnerability scoring

The systematic quantification of a vulnerability’s severity on the basis of exploitability and potential system impact, providing a standardized score to prioritize security responses.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.


About this article


Cite this article

Yan, C., Ji, X., Jiang, Q. et al. Cybersecurity vulnerabilities in IoT devices. Nat Rev Electr Eng (2026). https://doi.org/10.1038/s44287-026-00296-5

