A Survey and Analysis of Recent IoT Device Vulnerabilities

Abstract The cyber threat landscape is constantly shifting, especially in the evolutionary area of the Internet of Things, which makes it vital to survey the vulnerabilities that are presently being discovered and attacked, so that we can better combat those threats in the future. By collecting and profiling all of the IoT vulnerabilities reported on by the cybersecurity news site Threatpost between January 2020 and June 2021, we provide a cross-section of the current security issues found in today's IoT devices. Our detailed analysis of this dataset yields a many-faceted understanding of the threat landscape during this period, including CWEs (Common Weakness Enumeration), CVSS (Common Vulnerability Scoring System) scores, timelines, vulnerability locations, programming languages, and other attack story attributes, delivering a solid foundation for future IoT security efforts. Our findings are that while the majority of recent IoT device vulnerabilities occur in the software layer and arise from common IT weaknesses, there is a great need for a shared database of IoT vulnerabilities for continuous evaluation of the state of IoT security.