USENIX Security '19 – All Things Considered: An Analysis of IoT Devices on Home Networks

USENIX Security '19 – All Things Considered: An Analysis of IoT Devices on Home Networks

All Things Considered: An Analysis of IoT Devices on Home Networks

Deepak Kumar, University of Illinois at Urbana-Champaign

In this paper, we provide the first large-scale empirical analysis of IoT devices in real-world homes by leveraging data collected from user-initiated network scans of 83M devices in 16M households. We find that IoT adoption is widespread: on several continents, more than half of households already have at least one IoT device. Device types and manufacturer popularity vary dramatically across regions. For example, while nearly half of North American homes have an Internet-connected television or streaming device, less than three percent do in South Asia where the majority of devices are surveillance cameras. We investigate the security posture of devices, detailing their open services, weak default credentials, and vulnerability to known attacks. Device security similarly varies geographically, even for specific manufacturers. For example, while less than 17% of TP-Link home routers in North America have guessable passwords, nearly half do in Eastern Europe and Central Asia. We argue that IoT devices are here, but for most homes, the types of devices adopted are not the ones actively discussed. We hope that by shedding light on this complex ecosystem, we help the security community develop solutions that are applicable to today’s homes.

View the full USENIX Security ’19 program at https://www.usenix.org/conference/usenixsecurity19/technical-sessions

Related Post: