Abstract: At present, IoT (Internet of things) devices have been widely used in people’s daily life, and their security is closely related to individuals, enterprises and even countries. The increasing importance of IoT devices has also attracted a growing number of attacks. To address the security challenges IoT devices faced, various countries and regions have formulated numerous laws and regulations, security evaluation and certification standards related to IoT device security. We summarize and organize the existing research status in this field. We firse discuss the security threats IoT devices faced and explore the different attack surfaces for IoT devices based on a hierarchical logic division. Furthermore, we analyze and summarize the existing security laws, regulations, security evaluation, and certification status, while focusing on the research on IoT security risk detection cutting-edge technologies from five aspects: chip Trojan horse detection, Interface security risk detection, wireless protocol security, firmware risk detection and application, and service security risk detection. Finally, the possible future development direction of this field is summarized and prospected, in order to provide reference and help for the security development of our country’s future IoT device products.