
What’s new in the world of IoT - and how cybercriminals are taking advantage

The Internet of Things (IoT) has transformed our lives, bringing intelligence and automation into homes, factories, and cities. From smart thermostats and doorbell cameras to industrial sensors and autonomous vehicles, these devices are more connected - and more vulnerable - than ever.



As 2025 unfolds, we’re seeing an exciting expansion of IoT capabilities, but with it comes an escalating cyber threat landscape. Here’s what’s new in IoT, and how cybercriminals are exploiting these innovations.

 

What’s New in IoT for 2025?


1. AI-Powered Edge Devices - IoT devices are no longer just passive sensors. Thanks to advances in edge computing and AI chips, they now process data locally, enabling faster decisions and reducing reliance on the cloud. This is critical in sectors like autonomous driving and healthcare monitoring.

 

2. Matter Protocol Gains Ground - The Matter protocol, developed by the Connectivity Standards Alliance (CSA), has gained widespread adoption in smart home devices, ensuring better interoperability and security between brands like Apple, Google, Amazon, and Samsung.

 

3. Wearables Go Medical - IoT wearables have moved beyond fitness. New devices now monitor heart conditions, glucose levels, and even mental health metrics, transmitting sensitive health data in real time to medical providers.

 

4. Smart Cities on the Rise - Urban IoT is scaling fast: traffic sensors, waste management systems, and energy-efficient lighting are reshaping city infrastructure. This is backed by 5G and low-power wide-area networks (LPWANs), enabling massive connectivity.

 

5. Industrial IoT (IIoT) Gets a Boost - Manufacturing and logistics are leaning hard into IoT, using sensors to monitor equipment health, predict failures, and optimise supply chains. These systems are tightly integrated with corporate networks, making them prime targets.



The Flip Side: How IoT Devices Are Being Exploited


Despite their benefits, IoT devices are often the weakest link in cyber security. Here’s how cybercriminals are exploiting them:

 

1. Default Passwords Still a Major Problem - Many devices still ship with weak or unchanged default credentials. Botnets like Mirai continue to capitalise on this, conscripting vulnerable devices into large-scale DDoS attacks.

 

2. Lack of Firmware Updates - Manufacturers often fail to patch vulnerabilities in older models. Cybercriminals actively scan for outdated firmware versions that are susceptible to remote code execution and privilege escalation attacks.

 

3. Rogue Device Insertion - In workplaces or public environments, attackers can introduce malicious IoT devices that appear innocuous - like smart plugs or printers - but actually provide a backdoor into the network.

 

4. Data Privacy Risks - IoT devices, especially in healthcare and home environments, collect sensitive personal data. Without proper encryption, this data is ripe for interception or resale on the dark web.

 

5. Exploiting Edge AI - AI at the edge is powerful - but if not properly secured, attackers can manipulate inference models or inject false data to cause bad decisions (e.g., misclassifying objects for self-driving cars).

 

Securing the Future: Best Practices for IoT Security


To mitigate these threats, both manufacturers and consumers must adopt a security-first mindset:

 

  • Change default credentials immediately 

  • Keep device firmware and software up to date 

  • Segment IoT devices from your main network 

  • Use strong encryption for all transmitted data 

  • Adopt zero-trust principles in enterprise environments 

  • Regularly audit connected devices
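
As an added illustration (not EMCRC's own code), the checklist above can be turned into a repeatable audit over a device inventory. Everything in the sample data is constructed for this example: the MAC addresses, the IoT VLAN number, the firmware versions and the field names are assumptions, and in practice they would come from your own asset register and network scan.

```python
# Added example: audit a device inventory against the checklist above.
# All MACs, VLAN numbers, versions and field names are constructed.
APPROVED = {  # registered devices mapped to their minimum acceptable firmware
    "aa:bb:cc:00:00:01": "2.4.1",
    "aa:bb:cc:00:00:02": "1.9.0",
    "aa:bb:cc:00:00:03": "3.0.0",
}
IOT_VLANS = {30}                               # assumed segregated IoT segment
PLAINTEXT = {"telnet", "http", "ftp", "mqtt"}  # services without transport encryption

OBSERVED = [  # constructed output of a network discovery / asset scan
    {"mac": "aa:bb:cc:00:00:01", "vlan": 30, "fw": "2.4.1", "default_creds": False, "services": ["https"]},
    {"mac": "aa:bb:cc:00:00:02", "vlan": 30, "fw": "1.8.3", "default_creds": True, "services": ["mqtt"]},
    {"mac": "aa:bb:cc:00:00:03", "vlan": 10, "fw": "3.1.0", "default_creds": False, "services": ["https"]},
    {"mac": "de:ad:be:ef:00:99", "vlan": 10, "fw": "1.0.0", "default_creds": True, "services": ["telnet", "http"]},
]

def version_tuple(version):
    """Turn '1.10.2' into (1, 10, 2) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))

def audit_device(dev):
    """Return the list of checklist items this device fails."""
    findings = []
    min_fw = APPROVED.get(dev["mac"].lower())
    if min_fw is None:
        findings.append("unregistered device (possible rogue insertion)")
    elif version_tuple(dev["fw"]) < version_tuple(min_fw):
        findings.append(f"firmware {dev['fw']} is older than required {min_fw}")
    if dev["default_creds"]:
        findings.append("default credentials unchanged")
    if dev["vlan"] not in IOT_VLANS:
        findings.append(f"on VLAN {dev['vlan']}, outside the IoT segment")
    plaintext = sorted(PLAINTEXT & set(dev["services"]))
    if plaintext:
        findings.append("unencrypted services: " + ", ".join(plaintext))
    return findings

def audit(observed):
    """Map MAC address -> findings, for devices with at least one finding."""
    report = {dev["mac"]: audit_device(dev) for dev in observed}
    return {mac: findings for mac, findings in report.items() if findings}

if __name__ == "__main__":
    for mac, findings in audit(OBSERVED).items():
        print(mac, "->", "; ".join(findings))
```

Running the audit on a schedule and comparing each report with the previous one shows new unregistered devices and firmware that has fallen behind.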

 

Final Thoughts


The IoT revolution is only gaining momentum, but so are the threats. As the number of connected devices surpasses 30 billion globally, securing them isn’t just a technical challenge - it’s a societal necessity.

 

From smart homes to critical infrastructure, the choices we make today in IoT security will shape the digital safety of tomorrow. Let’s build a future that’s both connected and secure.


Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).


 
 
 



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.

 

EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.
