Recent years have seen rapid development and deployment of Internet-of-Things (IoT) applications in a diversity of application domains. This has resulted in creation of new applications (e.g., vehicle networking, smart grid, and wearables) as well as advancement, consolidation, and transformation of various traditional domains (e.g., medical and automotive). One upshot of this scale and diversity of applications is the emergence of new and critical threats to security and privacy: it is getting increasingly easier for an adversary to break into an application, make it unusable, or steal sensitive information and data. This paper provides a summary of IoT security attacks and develops a taxonomy and classification based on the application domain and underlying system architecture. We also discuss some key characteristics of IoT that make it difficult to develop robust security architectures for IoT applications.

This paper is partially supported by the National Key Research and Development Program of China under grant no. 2016YFC0801607, the National Natural Science Foundation of China (NSFC) under grant no. 61602104, the National Science Foundation (DGE-1802701, CNS-1739736), and Cisco.
Chen, K., Zhang, S., Li, Z. et al. Internet-of-Things Security and Vulnerabilities: Taxonomy, Challenges, and Practice. J Hardw Syst Secur 2, 97–110 (2018). https://doi.org/10.1007/s41635-017-0029-7
