
Meta Analysis on Security Vulnerabilities in Internet of Things
Devamekalai Nagasundaram
National Advanced IPv6 center
University Sains Malaysia
mekalai.deva@gmail.com
Abstract - The vast increase in IoT technology has opened a new channel for attackers to attack IoT devices. Despite various empirical research studies carried out on vulnerabilities of IoT devices, no meta-analysis research has been done. Therefore, the purpose of this study is to perform a meta-analysis study on security vulnerabilities in IoT. The meta-analysis study method was performed on 7 related articles collected from research paper databases. The findings of this study reveal Less significant Privacy concern on data, Insecure Software and Firmware, Insufficient Authentication and authorization, and Insecure web Interface as the main vulnerabilities. The paper also discusses suggestions to solve this issue and future studies that need to be done in this area.
Keywords - IoT; Vulnerabilities; security

I. INTRODUCTION
IoT is becoming a fast-growing technology in both social and business networking. The perception of IoT is many-folded at the present time: it includes numerous different kinds of expertise, services, technologies and standards [1]. IoT appears to be at the peak of attention in the computing market. From a logical view, IoT can be defined as a group of sensors or smart devices working together to complete a common task. From a technological view, IoT can be described as deployments of processing power and communication protocols, which work on a collaborative basis by transferring data to each other via a connected environment. For example, IoT devices can now be seen as the wired and interconnected devices available in the home, such as a refrigerator and a smart watch. Although these devices make a person's life easier, they have also provided a new platform for hackers to get in [2].
IoT devices are said to be more important in a person's life than mobile devices nowadays. IoT devices can also be considered to hold more personal data, such as banking details and private data, which need high security protection. This leads to higher security concerns on the connected devices. The increase in the number of connected devices also multiplies the number of security concerns [2]. It is very important to understand the security risk and the vulnerabilities according to what IoT devices have access to. The main reason for all these security attacks is the vulnerabilities that are present in the system. Thus this paper will talk about the vulnerabilities in the IoT system and will give suggestions to improve this situation.

II. VULNERABILITIES
In computer security, a vulnerability is a weakness which permits an attacker to decrease a system's data assurance. A vulnerability can allow attackers to access unauthorized data, run commands or conduct a denial of service attack [3]. A vulnerability is the intersection of three elements: a system's defenselessness or flaw, attacker access to the flaw, and attacker capability to identify and make use of the flaw.
Vulnerabilities can be found in a variety of areas in IoT systems. In particular, they can be weaknesses in system hardware or software, weaknesses in policies and procedures used in the systems, and weaknesses of the system users themselves [4]. IoT applications are based on two main constituents, system hardware and system software, and both have design flaws quite often. Hardware vulnerabilities are harder to detect, and at the same time they are difficult to fix even once identified, due to hardware compatibility and interoperability. Software vulnerabilities can be found in operating systems, application software, and control software such as communication protocols and device drivers [5]. A number of factors lead to software design flaws, including human factors and software complexity. Technical vulnerabilities usually happen due to human weaknesses. The results of not understanding the requirements include starting the project without a plan, poor communication between developers and users, a lack of resources, skills, and knowledge, and failing to manage and control the system [4]. There are a few vulnerabilities in IoT devices which lead to security risk.
A. Less significant Privacy concern on data
A huge number of IoT devices collect trillions of data items per second over the network. These data include personal details such as name, address, credit card details, and health information. Most of these data are transferred to clouds to be stored, which increases the security risk. According to HP, many devices transmit this information unencrypted on their home network, which exposes their data to the world via the wireless network [4]. Many companies are working hard to take advantage of the cloud and the services it can provide to them.
B. Insecure Software and Firmware
As is widely known, the software application is what makes an IoT device function according to its needs. However, there is no proper solution for the update and download process within this software application. It is reported that 60 percent of devices use no encryption when downloading updates from the server. This gives way to interception and extraction of data during downloads.
C. Insufficient Authentication and authorization
Authentication and authorization are among the main elements of security protection. IoT, in fact, enables a constant transfer and sharing of data among things and users in order to achieve particular goals. In such a sharing environment, authentication, authorization, access control and non-repudiation are important to ensure secure communication [6]. Attackers tend to use vulnerabilities such as weak passwords, poorly protected credentials, and insecure password recovery mechanisms to hack into the system. Most IoT devices fail to enforce password length and complexity as a compulsory requirement. Therefore users tend to choose easy passwords such as "1234" or "password". This attitude gives way for intruders to gain access into the system.
D. Insecure web Interface
Most of the IoT devices used for the HP survey raised concerns about their web interface [4]. The web interface can be said to be one of the most widely used interfaces for IoT applications. Therefore persistent cross-site scripting, poor session management and weak default credentials become loopholes in the system which let attackers gain access. Most service providers do not give enough importance to this aspect, which leads to a bad reputation for the system.

III. SUGGESTION
The majority of IoT devices and systems are exposed to the common vulnerabilities discussed earlier, such as developers' and users' mistakes. Taking simple steps to avoid such vulnerabilities and dealing with system threats is not adequate; thus, guaranteeing a smooth policy implementation process supported by robust measures is necessary.
The security development process involves a detailed understanding of a system's properties, followed by categorizing the different vulnerabilities and threats that can exist. It is compulsory to find what the system properties are and what the properties should be protected against. Some common IoT properties include system hardware, software, data and information, as well as properties correlated to services, such as service reputation. It has been clearly shown that it is vital to understand the vulnerabilities in order to deliver better system mitigation.
Other than that, developers should always have some straightforward testing mechanism for simply testing the web interfaces, manually reviewing network traffic, or reviewing authentication and authorization. This helps to reduce the vulnerabilities in IoT devices.
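A minimal sketch of such a testing mechanism, added here as an illustration and not taken from the paper or its sources: it audits device profiles against the four vulnerability categories A-D of Section II. The device records, field names, the common-password list, the 12-character minimum and the use of cookie flags as a proxy for session management are all assumptions made for the example.

```python
from urllib.parse import urlparse

# Constructed sample: hypothetical device profiles, not data from the paper.
DEVICES = [
    {"name": "cam-01",
     "telemetry_url": "http://cloud.example/ingest",
     "update_url": "http://updates.example/fw.bin",
     "admin_password": "1234",
     "set_cookie": "SID=abc123; Path=/"},
    {"name": "lock-02",
     "telemetry_url": "https://cloud.example/ingest",
     "update_url": "https://updates.example/fw.bin",
     "admin_password": "c0rrect-Horse-9-battery",
     "set_cookie": "SID=abc123; Path=/; Secure; HttpOnly; SameSite=Strict"},
]

COMMON_PASSWORDS = {"1234", "password", "admin", "12345678"}
MIN_LENGTH = 12  # assumed policy value, not from the paper

def weak_password(pw):
    """True if pw is a known default, too short, or uses fewer than 3 character classes."""
    classes = sum(any(test(c) for c in pw) for test in
                  (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum()))
    return pw.lower() in COMMON_PASSWORDS or len(pw) < MIN_LENGTH or classes < 3

def cookie_flags_missing(header):
    """Return the protective flags absent from a Set-Cookie header value."""
    attrs = {part.strip().split("=")[0].lower() for part in header.split(";")[1:]}
    return sorted({"secure", "httponly"} - attrs)

def audit(device):
    """Map one device profile to findings labelled with the Section II category."""
    findings = []
    if urlparse(device["telemetry_url"]).scheme != "https":
        findings.append("A: data sent unencrypted")
    if urlparse(device["update_url"]).scheme != "https":
        findings.append("B: firmware update downloaded without encryption")
    if weak_password(device["admin_password"]):
        findings.append("C: weak or default password accepted")
    missing = cookie_flags_missing(device["set_cookie"])
    if missing:
        findings.append("D: session cookie missing " + ", ".join(missing))
    return findings

if __name__ == "__main__":
    for d in DEVICES:
        print(d["name"], audit(d) or "no findings")
```

A check like this only covers transport and credential hygiene; issues such as persistent cross-site scripting still require testing the web interface itself.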
Moreover, implementing security standards which every device must meet before production should be made compulsory. There are many security controls which can be used to raise any vulnerabilities found in the system. Thus security standards should be introduced to force developers to make use of them. Implementing the security process early in product development can also make sure that IoT devices pass security standards and have fewer vulnerabilities.

IV. CONCLUSION
IoT devices and systems together face a number of vulnerabilities that must be recognized for protective action to be taken. In this paper, security vulnerabilities and suggestions to solve them were introduced. The overall goal was to identify and document potential vulnerabilities faced by the IoT.
An overview of the most important IoT security vulnerabilities was provided, with particular focus on security challenges surrounding IoT devices and services.
It was concluded that plentiful work remains to be done in the area of IoT security, by both developers and end-users. It is important for forthcoming standards to report the deficiencies of current IoT security mechanisms. As future work, the objective is to gain a deeper understanding of the threats facing IoT infrastructure as well as to identify the likelihood and consequences of threats against IoT.

References
[1] S. Sicari, A. Rizzardi, L. A. Grieco, A. Coen-Porisini, "Security, privacy and trust in Internet of Things: The road ahead," DISTA, Dep. of Theoretical and Applied Science, University of Insubria, v. Mazzini 5, 21100 Varese, Italy, 2014 Elsevier B.V. All rights reserved.
[2] "Internet of things research study 2015 report," 2014-2015 Hewlett Packard Enterprise Development LP. 4AA5-4759ENW, November 2015, Rev. 1.
[3] E. Bertino, L. D. Martino, F. Paci, and A. C. Squicciarini, "Web services threats, vulnerabilities, and countermeasures," in Security for Web Services and Service-Oriented Architectures. Springer, 2010, pp. 25-44.
[4] J. M. Kizza, Guide to Computer Network Security. Springer, 2013.
[5] Mohamed Abomhara and Geir M. Køien, "Cyber Security and the Internet of Things: Vulnerabilities, Threats, Intruders and Attacks," Journal of Cyber Security, Vol. 4, 65-88. doi: 10.13052/jcsm2245-1439.414, 2015.
[6] R. Roman, J. Zhou, J. Lopez, "On the features and challenges of security and privacy in distributed internet of things," Comput. Networks 57 (10) (2013) 2266-2279.
