Internet of Things Security: A Survey on Common Attacks

TL;DR

This survey comprehensively analyzes 28 common IoT security attacks, classifies their threats, assesses their criticality, and discusses mitigation techniques to guide future research and practical security improvements.

Contribution

It provides a structured threat classification, criticality assessment, and a comprehensive overview of mitigation strategies for IoT security challenges.

Findings

Identified 28 common IoT attacks including traditional and specialized threats.

Mapped threats to five vulnerability classes revealing technical entry points.

Discussed state-of-the-art mitigation techniques and research gaps.

Abstract

The exponential growth of the Internet of Things (IoT) has integrated connected devices into various sectors like smart cities, digital health, and Industry 4.0, generating vast amounts of real-time data to support intelligent decision-making. However, this widespread adoption is fundamentally challenged by significant security risks, primarily due to the inherent computational limitations of devices, lack of standardization, and an expanding attack surface. Given that security is paramount to ensuring trust in these environments, this paper presents a comprehensive survey and a multi-dimensional analysis of the IoT threat landscape. It describes 28 common attacks, ranging from traditional threats, such as Man-in-the-Middle, to specialized IoT exploits, including node replication and skimming. To provide a structured understanding of these risks, we employ the STRIDE model for functional threat classification alongside the CVSS framework for quantitative criticality assessment. Furthermore, the research establishes a robust mapping between these threats and five foundational vulnerability classes (Process, Code, Communication, Operation, and Device), uncovering the specific technical entry points exploited by adversaries. Beyond threat identification, the survey presents state-of-the-art mitigation techniques and discusses emerging paradigms and research gaps, working as a roadmap for future investigation and providing a consolidated technical foundation for both researchers and practitioners aiming to build resilient and secure IoT ecosystems.