查看文章

The Internet of Things (IoT) interconnects physical and virtual objects embedded with sensors, software, and other technologies, which exchange data using the Internet. This technology allows billions of devices and people to communicate, share data, and personalize services to make our lives easier. Despite the multiple benefits offered by IoT, it may also represent a critical issue due its lack of information security. Since the number of IoT devices has been rapidly increasing all over the world, they have become a target for many attackers, who try to steal sensitive information and compromise people’s privacy. As part of the IoT environment, data and services should be protected with features such as confidentiality, accuracy, comprehensiveness, authentication, access control, availability, and privacy. Cybersecurity threats are unique to the Internet of Things, which has unique characteristics and limitations. In consideration of this, a variety of threats and attacks are being launched daily against IoT. Therefore, it is important to identify these types of threats and find solutions to mitigate their risks. Therefore, in this paper, we reviewed and identified the most common threats in the IoT environment, and we classified these threats based on three layers of IoT architecture. In addition, we discussed the most common countermeasures to control the IoT threats and mitigation techniques that can be used to mitigate these threats by reviewing the related publications, as well as analyzing the popular application-layer protocols employed in IoT environments and their security risks and challenges.