Vulnerabilities of IoT Network Architectures: Classification and Real Incidents

Authors

DOI:

https://doi.org/10.18372/2225-5036.31.20639

Keywords:

IoT, vulnerabilities, communication protocols, cybersecurity, Mirai, industrial attacks, critical infrastructure

Abstract

The rapid expansion of the Internet of Things (IoT) has resulted in a growing number of devices integrated into critical infrastructure, industry, and everyday life. At the same time, limited computational resources, protocol heterogeneity, and the lack of proper update mechanisms make IoT ecosystems vulnerable to a wide range of attacks. This article systematizes the main categories of IoT vulnerabilities, including device limitations, protocol weaknesses, default configurations, physical access, and organizational factors. Special attention is paid to the analysis of communication protocol flaws (MQTT, HTTP, CoAP) and the description of common incidents, such as the Mirai botnet and industrial safety system attacks Triton and CrashOverride. The results show that vulnerabilities exist at all levels of IoT network architecture, and even a single weakness can lead to large-scale consequences. The presented classification and real-world attack cases can be applied to the development of effective IoT protection strategies and further advancement of cybersecurity solutions

References

Michelena Á., García-Ordás M.T., Aveleira-Mata J., Yereguí Marcos D., Timiraos Díaz M., Zayas-Gato F., Jove E., Casteleiro-Roca J.L., Quintián H., Alaiz-Moretón H., Calvo-Rolle J.L., Beta Hebbian Learning for intrusion detection in networks with MQTT protocols for IoT devices, Journal of Logic and Computation, Oxford University Press, 2024, Vol. 32, No. 2, pp. 352–374.

Jeffrey N., Tan Q., Villar J.R., Using Ensemble Learning for Anomaly Detection in Cyber–Physical Systems, Electronics, MDPI, 2024, Vol. 13, No. 7, Article 1391.

Althiyabi T., Ahmad I., Alassafi M.O., Enhancing IoT Security: A Few-Shot Learning Approach for Intrusion Detection, Mathematics, MDPI, 2024, Vol. 12, No. 7, Article 1055.

Wakili A., Bakkali S., Privacy-preserving security of IoT networks: A comparative analysis of methods and applications, Cyber Security and Applications, KeAi Publishing, 2025, Vol. 3, Article 100084.

Iqbal F., Ahmed S., Tariq M.A.B., Waqas H.A., Al-Ammar E.A., Wabaidur S.M., A Survey on Energy-Aware Security Mechanisms for the Internet of Things, Applied Sciences, MDPI, 2024, Vol. 14, No. 1, Article 499.

Lefoane M., Ghafir I., Kabir S., Awan I.-U., Internet of Things botnets: A survey on artificial intelligence based detection techniques, Journal of Network and Computer Applications, Elsevier, 2025, Vol. 236, Article 104110.

Abdullah A., Albaihani A.N.A., Osman B., Omar Y., Detecting Wormhole Attack in Environmental Monitoring System for Agriculture using Deep Learning, Journal of Advanced Research in Applied Sciences and Engineering Technology, 2025, Vol. 51, No. 2, pp. 153–176.

Van Woudenberg J., O’Flynn C., The Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks, No Starch Press, San Francisco, 2022, 486 p.

Chantzis F., Stais I., Calderón P., Deirmentzoglou E., Woods B., Practical IoT Hacking: The Definitive Guide to Attacking the Internet of Things, No Starch Press, San Francisco, 2021, 464 p.

Alrawais A., Alhothaily A., Hu C., Cheng X., Fog Computing for the Internet of Things: Security and Privacy Issues, IEEE Internet Computing, IEEE, 2017, Vol. 21, No. 2, pp. 34–42.

Sicari S., Rizzardi A., Grieco L.A., Coen-Porisini A., Security, Privacy and Trust in Internet of Things: The Road Ahead, Computer Networks, Elsevier, 2015, Vol. 76, pp. 146–164.

Lin J., Yu W., Zhang N., Yang X., Zhang H., Zhao W., A Survey on Internet of Things: Architecture, Enabling Technologies, Security and Privacy, and Applications, IEEE Internet of Things Journal, IEEE, 2017, Vol. 4, No. 5, pp. 1125–1142.

Humayed A., Lin J., Li F., Luo B., Cyber–Physical Systems Security: A Survey, IEEE Internet of Things Journal, IEEE, 2017, Vol. 4, No. 6, pp. 1802–1831.

Downloads

Published

2025-04-22

How to Cite

ПАСТУЩАК , Д. В. (2025). Vulnerabilities of IoT Network Architectures: Classification and Real Incidents. Ukrainian Scientific Journal of Information Security, 31(1), 61–67. https://doi.org/10.18372/2225-5036.31.20639

Issue

Vol. 31 No. 1 (2025): Ukrainian Scientific Journal of Information Security

Section

Network & Internet Security

License

The scientific journal "Ukrainian Scientific Journal of Information Security" adheres to the principles of open science and provides free, free and permanent access to all published materials. The goal of the policy is to increase the visibility, citation and impact of the results of scientific research in the field of information security. The journal works according to the principles of Open Access and does not charge a fee for access to published articles.

All articles are published in Open Access under the Creative Commons Attribution 4.0 International (CC BY 4.0) license.

Copyright

Authors who publish their works in the journal Ukrainian Scientific Journal of Information Security:

  • retain the copyright to their publications;

  • grant the journal the right of first publication of the article;

  • agree to the distribution of their materials under the CC BY 4.0 license;

  • have the right to reuse, archive, and distribute their works (including in institutional and subject repositories), provided that proper reference is made to the original publication in the journal.