
IoT Security Progress and Challenges Over the Past Five Years

1 unique sources, 1 articles

Summary

The security of Internet of Things (IoT) devices has not kept pace with their rapid adoption across industries. Despite some legislative progress and increased awareness, IoT devices remain vulnerable due to weak default passwords, lack of patching mechanisms, and inadequate security practices by manufacturers. Attackers are exploiting these vulnerabilities for various malicious activities, including botnets, ransomware, and espionage. The Mirai botnet incident in 2016 highlighted the risks, leading to new regulations like the UK's Product Security and Telecoms Infrastructure Act and the EU's Cyber Resilience Act. However, the evolving threat landscape and the influx of new IoT devices pose ongoing challenges for security. Manufacturers face the dilemma of balancing security with user experience, and many are reluctant to implement stricter security measures due to competitive pressures.

Timeline

  1. 05.09.2025 23:46 1 articles · 23d ago

    UK and EU introduce new IoT security regulations

    In 2024, the UK's Product Security and Telecoms Infrastructure Act and the EU's Cyber Resilience Act came into effect, aiming to improve IoT security by banning default passwords and requiring vulnerability disclosure. These regulations are expected to enhance the security of new IoT devices released in 2024 and beyond.

Similar Happenings

WhatsApp Zero-Day Exploited in Targeted Attacks

A zero-day vulnerability in WhatsApp (CVE-2025-55177) was exploited in targeted attacks against specific users, chained with a separate iOS flaw (CVE-2025-43300). The WhatsApp flaw allowed unauthorized users to trigger content processing from arbitrary URLs on targeted devices. WhatsApp patched the issue and notified affected users. Apple issued threat notifications to users targeted in mercenary spyware attacks, who were selected based on their status or function, such as journalists, lawyers, activists, politicians, and senior officials, and advised them to enable Lockdown Mode and seek emergency security assistance. Apple has sent threat notifications multiple times a year since 2021, alerting users in over 150 countries, including a fourth campaign in France in 2025. The attacks highlight the risks of chaining multiple vulnerabilities to compromise targets, emphasizing the need for comprehensive security measures. Apple introduced Memory Integrity Enforcement (MIE) in the latest iPhone models to combat memory corruption vulnerabilities, and the number of U.S. investors in spyware and surveillance technologies has increased significantly.