Rethinking the security of IoT from the perspective of developer customized device-cloud interaction.

IoT cloud involved communication is widely deployed due to its various services. While IoT clouds provide many strong security mechanisms, lots of IoT devices are still configured with vulnerable interaction procedures with clouds. In this paper, we report a practical study of IoT cloud security regulations on IoT device development solutions. Instead of checking real-world IoT devices, we explore IoT security, especially the security of interaction between devices and clouds, from the perspective of IoT developers and illustrate why flaws during development could evolve into vulnerabilities on real-world devices. To better understand the problem, we describe three security-critical device options that can be customized by IoT developers with their own features, and propose a new approach to check whether a specific IoT cloud regulates the security of IoT solutions with vulnerable device options. With the evaluation of eight mainstream IoT cloud platforms, our study brings to the pervasiveness of the security hazards in IoT cloud security regulation during IoT device development, resulting in manufacturing vulnerable IoT devices.