IoT security: Address the invisible threat at your perimeter

It isn’t surprising that the threat actor community has moved quickly to weaponise AI. More concerning is the way AI tools are democratising the capability to find and exploit IoT vulnerabilities. The DJI incident demonstrates how AI coding tools have dramatically lowered the technical barrier to discovering and exploiting IoT vulnerabilities. The volume and diversity of people capable of probing IoT systems for weaknesses has expanded by orders of magnitude. 

Wired reports that ransomware groups increasingly have AI integrated into their malware development pipeline. Previously, attackers had to manually craft exploits for specific firmware versions or device types. AI-driven scanning tools can now fingerprint every device on a network range, identify its firmware version, and automatically select an optimised attack vector.

We are in an arms war. Adversarial machine learning attacks against AI-powered security systems are an active area of attacker research. When your IoT security camera uses AI to detect intrusions, an adversary can manipulate the input data to cause the AI to misidentify or overlook threats. 

The same capabilities that make AI dangerous in attackers' hands make it powerful in defenders' hands. Traditional security information and event management systems were not designed for IoT environments, where thousands of devices generate millions of data points continuously. AI-powered anomaly detection can establish baseline behavioural profiles for every connected device and flag deviations that would be invisible to human analysts.

AI-driven device discovery is also transforming asset visibility. Machine learning models can analyse network traffic and communication behaviour to identify and classify devices that have never been registered in any inventory. This addresses the shadow IoT problem at the network level rather than through policy and governance alone. In large environments, AI can infer device type, function, and risk posture based on how it communicates, without requiring manual documentation.

Perhaps most importantly, AI helps address the alert fatigue problem. IoT environments generate enormous volumes of security signals, most of which are low-risk or redundant. AI systems can correlate signals across devices, filter noise, and surface only the events that require human attention. This can help to prioritise threats by actual exploitability and business impact rather than alert volume. 

The internet of things refers to the vast network of physical objects embedded with sensors, software, and other technologies that enable them to connect and exchange data with other devices and systems over the internet. These “things” range from consumer products like smart thermostats and wearable fitness trackers to industrial equipment, medical devices, and critical infrastructure systems.

The IoT is transforming how we live, work, and interact with our environment, providing unprecedented convenience, efficiency, and data-driven insights. However, this rapid expansion introduces significant cybersecurity challenges. IoT devices often have limited computing resources, minimal built-in security, and operate in diverse and dynamic environments, making them attractive targets for malicious actors.

IoT devices often lack robust security measures due to limited processing power and their propensity to connect to insecure networks. Additionally, manufacturers may prioritise convenience over security, leaving vulnerabilities open to exploitation. This makes IoT security a critical concern as these devices proliferate in homes and businesses worldwide.

Botnet attacks

• Example: variants of Mirai continue to infect vulnerable IoT devices and integrate them into botnets for DDoS (distributed denial of service) attacks.
• Impacts: service disruption, reputational damage, and network congestion.

Firmware exploits and supply chain vulnerabilities

• Example: attackers exploit outdated or insecure firmware and third-party components in smart devices.
• Impacts: unauthorised access, data theft, and lateral movement across networks.

Unauthorised device access

• Example: devices shipped with default credentials or no authentication mechanisms.
• Impacts: attackers gain control of devices for surveillance, sabotage, or pivoting to other systems.

Man-in-the-middle (MitM) attacks

• Example: insecure communication protocols (e.g., unencrypted MQTT) are intercepted or altered.
• Impacts: data tampering, espionage, or command injection.

Ransomware and data exfiltration

• Example: smart medical and industrial devices targeted to disrupt operations or extract sensitive data.
• Impacts: operational downtime, extortion, harm to individuals if medical devices are disrupted and regulatory penalties.

Physical attacks and tampering

• Example: devices deployed in unsecured environments (e.g., cameras, sensors in public places) are physically accessed or modified.
• Impacts: loss of integrity, safety issues, or network entry points for broader attacks.

No sector is immune, but some carry disproportionate risk given the stakes involved if IoT systems are compromised.

• Healthcare (IoMT): It is unfortunately common for connected medical devices to run on outdated operating systems. With the majority of data breaches in Australia occurring in the Health sector, and the nature of the data revealed, managing this risk to patient privacy should be a top concern.
• Critical infrastructure (energy, water, utilities): State-sponsored actors including Volt Typhoon have demonstrated the intent and capability to pre-position inside western infrastructure networks for months before being detected. In September 2025, the FBI confirmed Volt Typhoon hackers had maintained access to a Massachusetts utility's systems for ten months.
• Manufacturing: Ransomware attacks on OT environments increased significantly from 2020 to 2025. Manufacturing and transportation are consistently among the top targeted sectors. Physical production disruption can translate directly to product shortages, supply chain failures, and existential business risk.
• Retail: Compromised point-of-sale systems, smart inventory trackers, and logistics sensors create multiple vectors for data theft and supply chain disruption.
• Building systems: Smart building infrastructure such as HVAC, access control, lighting and elevators are increasingly targeted as an entry point into corporate networks. These systems are often managed by facilities teams with no security expertise and connected to networks with insufficient isolation.

Securing IoT requires a layered defence-in-depth approach. Key control measures include:

Secure device design and hardening

• Principle of least privilege: restrict access to only necessary functions.
• Security-by-design: include encryption, secure boot, and tamper resistance during development.

Network segmentation

• Use of VLANs or firewalls: Isolate IoT devices from core enterprise systems.
• Zero trust architecture (ZTA): treat all devices as potentially untrusted.

Identity and access management (IAM)

• Device authentication: implement mutual authentication and certificate-based identity.
• Credential management: enforce strong password policies, disable default logins, and rotate credentials.

Firmware and software update mechanisms

• Secure OTA (over-the-air) updates: sign and encrypt updates to prevent tampering.
• Patch management: Regularly update firmware to address known vulnerabilities. 

Monitoring and threat detection

• Anomaly detection: Use machine learning or behavioural analytics to detect deviations in device activity.
• SIEM/soar integration: Incorporate IoT telemetry into broader security operations platforms.

Regulatory compliance and standards adherence

• Standards and privacy controls: Follow the Australian privacy principles and ISO/IEC 2770.