Setup Menus in Admin Panel

Internet of Things and security and privacy issues

Smart consumer devices connected to the Internet of Things are constantly collecting personal information from consumers. Therefore, one of the biggest concerns related to the implementation of Internet of Things in our daily lives is linked to the security and privacy of personal and even sensitive personal information, since the theft of personal information can cause serious harm to individuals, businesses and overall society. IoT is a ubiquitous technology with a complex architecture and structure. Consequently, it creates novel security and privacy problems, hitherto considered harmless or undefined. Those concerns are mainly related to:

  1. IoT technologies have longer lifespan compared to smartphones and desktop computers.
  2. There are various numbers of manufacturers, most without traditional information technology (IT) expertise, resulting in interoperability issues and poor security hygiene.
  3. This lack of IT expertise extends to end users (who are all de facto system administrators).
  4. Number of devices and global connectedness exacerbate all issues. In fact, it is estimated that there are 50 billion connected devices at this moment.

Security of data and user’s privacy are different concepts but they are not mutually exclusive. Indeed, a security attack or cyberattack, automatically compromises user’s privacy.

The challenges that must be overcome to resolve IoT security and privacy issues are immense. This is primarily because of the many constraints attached to the provision of security and privacy in IoT systems. Nevertheless, in the box below a brief definition of those concepts, applied to IoT, is presented.

The type of security and privacy threats and attacks that IoT is subject to depends on its layers, since each layer has different particularities and associated technologies. In the following table a summary of the most common cyberattacks to IoT framework as well as the degree of impact to the four layers that composes IoT architecture are displayed:


Brief description





Malicious code Any code in any part of a software system or script that is intended to cause undesired effects, security breaches or damage to a system High High Low High
DoS attack Cyberattack in which the perpetrator seeks to make a machine or network resource unavailable Low High High Low
Routing Information Protocols that routers can use to exchange network topology information Low High High Low
Eavesdropping Is the act of secretly or stealthily listening to the private conversation or communications of others without their consent High Medium High Medium
Identity theft Deliberate use of someone else’s identity usually as a method to gain a financial advantage or other personal information High Medium High Medium
Sinkhole attack Threatens the security of WSNs at almost evert layer of their protocol stack Medium High Low Low
Phishing attack Fraudulent attempt to obtain sensitive information or data typically carried out by email spoofing or instant messaging Low
Low Medium High

As you can observe, there is a variety of possible attacks that can compromise IoT devices security and privacy with a different level of impact depending on the layer. Thus, there are considerable challenges that must be tackles by all parties involved: IoT manufacture or developer, government and end user.

SEE ALL Add a note
Add your Comment