SUMMARYFuelled to bring the Internet of Things concept to real life, the Internet Engineering Task Force is working on 6LoWPAN, in which the standard allows a vast number of smart objects to be deployed in local wireless sensor networks (WSNs) using the huge address space of IPv6 for data and information harvesting through the Internet. From the security point of view, 6LoWPAN/WSN will be open to security threats from the local network itself and the Internet. Cryptography techniques applied as the front line of defence or deterrent can easily be broken because of the weak secure nature of LoWPAN devices and the wireless environment. Compromised nodes could lead to insider attacks without being detected by any cryptography checking. An intrusion detection system (IDS) is, primarily needed as a second line of defence to monitor the network operations and raise an alarm in case of any anomaly. This paper analyses potential security threats in 6LoWPAN and reviews the current countermeasures, in particular, the IDS‐based solutions for countering insider/internal threats. Additionally, it discovers three novel QoS‐related security threats, namely rank attack, local repair attack, and resource depleting attack, which are more seriously affecting the routing protocol for low‐power and lossy network, the routing protocol used to establish 6LoWPAN network topology. A new two‐layer IDS concept is introduced as a countermeasure method for securing the routing protocol for low‐power and lossy network‐built network topology from the internal QoS attacks. Potential research works are also presented to provide baseline reference to researchers in this field. Copyright © 2012 John Wiley & Sons, Ltd.