Security Landscape of the Internet of Things (IoT): A Systematic Review of Vulnerabilities, Defense Mechanisms, and Future Research Directions

Authors

  • Rizki Pangestu, Universitas Sebelas April Sumedang

Abstract

The Internet of Things (IoT) has fundamentally transformed the digital landscape, connecting billions of smart devices that facilitate automation and efficiency across various sectors. Projections indicate that the number of IoT devices will reach 18.8 billion by 2024 and surpass 75 billion by 2025, signaling exponential growth and a significant economic impact. However, this proliferation also creates an expansive attack surface, giving rise to complex and critical security and privacy challenges. This research presents a Systematic Literature Review (SLR) to map the modern IoT security landscape. By analyzing 15 studies published between 2023 and 2025, we identify, classify, and synthesize key findings. The analysis reveals that the most dominant vulnerabilities include weak authentication, insecure firmware, and a lack of encryption. The most frequent attacks are Denial-of-Service (DoS), malware (especially botnets like Mirai), and social engineering-based attacks. In response, the research community has proposed a large number of solutions based on Machine Learning (ML) and Artificial Intelligence (AI) for anomaly and intrusion detection, and has leveraged Blockchain technology for data integrity and decentralization. Nevertheless, significant challenges persist, particularly related to scalability, resource constraints on IoT devices, a lack of standardization, and the future threat of quantum computing. This review concludes that a holistic, layered security approach that combines technological advancements, industry standardization, and user education is essential for building a secure and trustworthy IoT ecosystem.

Published

2025-08-20