Vulnerabilities of IoT Network Architectures: Classification and Real Incidents
DOI:
https://doi.org/10.18372/2225-5036.31.20639Keywords:
IoT, vulnerabilities, communication protocols, cybersecurity, Mirai, industrial attacks, critical infrastructureAbstract
The rapid expansion of the Internet of Things (IoT) has resulted in a growing number of devices integrated into critical infrastructure, industry, and everyday life. At the same time, limited computational resources, protocol heterogeneity, and the lack of proper update mechanisms make IoT ecosystems vulnerable to a wide range of attacks. This article systematizes the main categories of IoT vulnerabilities, including device limitations, protocol weaknesses, default configurations, physical access, and organizational factors. Special attention is paid to the analysis of communication protocol flaws (MQTT, HTTP, CoAP) and the description of common incidents, such as the Mirai botnet and industrial safety system attacks Triton and CrashOverride. The results show that vulnerabilities exist at all levels of IoT network architecture, and even a single weakness can lead to large-scale consequences. The presented classification and real-world attack cases can be applied to the development of effective IoT protection strategies and further advancement of cybersecurity solutions
References
Michelena Á., García-Ordás M.T., Aveleira-Mata J., Yereguí Marcos D., Timiraos Díaz M., Zayas-Gato F., Jove E., Casteleiro-Roca J.L., Quintián H., Alaiz-Moretón H., Calvo-Rolle J.L., Beta Hebbian Learning for intrusion detection in networks with MQTT protocols for IoT devices, Journal of Logic and Computation, Oxford University Press, 2024, Vol. 32, No. 2, pp. 352–374.
Jeffrey N., Tan Q., Villar J.R., Using Ensemble Learning for Anomaly Detection in Cyber–Physical Systems, Electronics, MDPI, 2024, Vol. 13, No. 7, Article 1391.
Althiyabi T., Ahmad I., Alassafi M.O., Enhancing IoT Security: A Few-Shot Learning Approach for Intrusion Detection, Mathematics, MDPI, 2024, Vol. 12, No. 7, Article 1055.
Wakili A., Bakkali S., Privacy-preserving security of IoT networks: A comparative analysis of methods and applications, Cyber Security and Applications, KeAi Publishing, 2025, Vol. 3, Article 100084.
Iqbal F., Ahmed S., Tariq M.A.B., Waqas H.A., Al-Ammar E.A., Wabaidur S.M., A Survey on Energy-Aware Security Mechanisms for the Internet of Things, Applied Sciences, MDPI, 2024, Vol. 14, No. 1, Article 499.
Lefoane M., Ghafir I., Kabir S., Awan I.-U., Internet of Things botnets: A survey on artificial intelligence based detection techniques, Journal of Network and Computer Applications, Elsevier, 2025, Vol. 236, Article 104110.
Abdullah A., Albaihani A.N.A., Osman B., Omar Y., Detecting Wormhole Attack in Environmental Monitoring System for Agriculture using Deep Learning, Journal of Advanced Research in Applied Sciences and Engineering Technology, 2025, Vol. 51, No. 2, pp. 153–176.
Van Woudenberg J., O’Flynn C., The Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks, No Starch Press, San Francisco, 2022, 486 p.
Chantzis F., Stais I., Calderón P., Deirmentzoglou E., Woods B., Practical IoT Hacking: The Definitive Guide to Attacking the Internet of Things, No Starch Press, San Francisco, 2021, 464 p.
Alrawais A., Alhothaily A., Hu C., Cheng X., Fog Computing for the Internet of Things: Security and Privacy Issues, IEEE Internet Computing, IEEE, 2017, Vol. 21, No. 2, pp. 34–42.
Sicari S., Rizzardi A., Grieco L.A., Coen-Porisini A., Security, Privacy and Trust in Internet of Things: The Road Ahead, Computer Networks, Elsevier, 2015, Vol. 76, pp. 146–164.
Lin J., Yu W., Zhang N., Yang X., Zhang H., Zhao W., A Survey on Internet of Things: Architecture, Enabling Technologies, Security and Privacy, and Applications, IEEE Internet of Things Journal, IEEE, 2017, Vol. 4, No. 5, pp. 1125–1142.
Humayed A., Lin J., Li F., Luo B., Cyber–Physical Systems Security: A Survey, IEEE Internet of Things Journal, IEEE, 2017, Vol. 4, No. 6, pp. 1802–1831.
