Because of the large variety and scale of IoT devices, I would have to say open source software, security integration, and weak default passwords are the biggest risks and challenges when it comes to IoT devices. Open source software can make devices vulnerable because it is available to the public and can be viewed and modified by anyone. This includes people with malicious intentions who might want to exploit vulnerabilities.
Again, because of the large scale of IoT devices and the rate at which they’re produced, integrating security proposes a great challenge.
Most devices that are internet-connected come with default passwords. In a survey of 7,000 people done by NordVPN, just 33% of users change the default password on their IoT devices. This leaves them highly prone to attack.
NordVPN. Your smart devices are a security risk. https://s1.nordcdn.com/nord/misc/0.42.0/vpn/brand/your-smart-devices-put-you-at-risk.pdf