The Internet of Things (IoT) is based on the free flow of information among various low-power embedded devices that communicate through the internet. This next era of communication can empower physical objects to create, receive and exchange data systematically. The internetworked connections, such as sensors actuators, are serving the emerging smart applications of home automation, smart cities, and infrastructure, smart industries. However, the diversity of internetworked environments and the lack of deployed standards have exposed the IoT to security and privacy threats. Improper system updates, lack of robust security protocols, user unawareness, standardization, storage restrictions, active device monitoring, and active recovery from attacks are some significant challenges in the architecture of IoT applications that require research to achieve an end-to-end secure IoT environment. The twofold aims of this paper include the detailed review of security and privacy-related challenges in IoT applications and possible sources of threats in various emerging (or existing) technologies that lead to a lack of a high degree of trust. This study also aims to provide some guidelines for IoT researchers to work on possible ways to eliminate security and privacy vulnerabilities by highlighting state-of-the-art efforts to resolve the discussed challenges.