2. Table of Content
IoT Device Adoption and Distribution Security Posture of IoT Devices
Addressing IoT Security Challenges Future of IoT Security
3. IoT Definition
smart televisions
surveillance cameras
work appliances
home assistants
etc.
• The widespread adoption of Internet-connected embedded devices in real-world homes
4. What is your estimate for the number of IoT devices in 2024?
5. Global Adoption of IoT Devices
• Widespread Adoption
• Impact on Daily Life
6. Avast Wifi Inspector
Perform internal network scans and checks devices for weak security
● Device identification
● Weak default credentials
● Vulnerability to known recent CVEs
○ EthernalBlue
7. Avast Wifi Inspector: Discovering Process
Open
Services
80,443,
23,53
21,22,23
80, 443,
1900,23
Port Service
23 Telnet
22 SSH
21 FTP
1900 UPnP
80 HTTP
443 HTTPS
8. Avast Wi-Fi Inspector: DeviceID Classes
Device Classes
Computer Router
Mobile Device Wearable
Game Console Home Automation
Storage Surveillance
Work Appliance(printer) Voice Assistant
Vehicle Media(TV & streamer)
Home Appliance Generic IoT(Toothbrush)
9. Network Rules
Protocol Field Pattern Type
DHCP ClassID (?i)SAMSUNG[-:_] Network[-:_]Printer Printer
mDNS Name (?i)_nanolead(?:api|ms)?.tcp.local. Lighting
UPnP Device Type .*hub2.* IoT Hub
HTTP Title (?i)Polycom – (?:SoundPoint IP) ? (?:SoundPoint IP)? VoIP Phone
10. What is the problem of this method?
Do you know any other alternative solutions?
11. Methodology
Determine device vendor, fit device into one of 14 device classes
● Network Rules(regex)
● Supervised ML
● Dataset: 15.5 Million homes, including 83 million devices
across 11 geographic regions.
● Trained on 500k Devices from real world scans
● 300K Labels from network rules
● 200K Manually labeled
● Tested on a set of 1k manually labeled unseen devices.
● Results: Accuracy: 96 , F1 Score: 0.8
12. Homes w/ IoT Devices
Region % Homes w/ IoT Device Median Devices per home
North America 66.3% 7
Western Europe 53.5% 4
Oceania 49.2 4
Central + South America 31.7 4
East Asia 30.8 3
Eastern Europe 25.2 3
Southeast Asia 21.7 4
Sub-Saharan Africa 19.7 3
North Africa/Middle East 19.1 3
Central Asia 17.3 2
South Asia 8.7 2
Discussion: What problems do you detect in the outcome statistics?!
13. What do you think regional variation indicates?
14. What do you believe is the most popular category of IoT devices?
15. Homes w/ IoT Devices
Device Type % of North American Homes
Media 43%
Work Appliance(ex, printer) 33%
Gaming Console 16%
Voice Assistant 10%
Surveillance 4%
Storages(NAS) 3%
Home Automation(ex. Nest) 3%
Wearable(Ex: Watch) 0.2%
Other IoT 0.4%
16. How can the security community work towards improving the
security of devices in these smaller regions while considering the
preferences for different vendors and device types?
17. Results
Home automation and voice assistants are only
prevalent (>1% of homes) in North America,
Western Europe, and Oceania.
Work Appliances are the most common device
type in East Asia/Sub-Saharan Africa.
2
Media devices are the most popular device
type in 7 of 11 regions
1
3
18. What factors do you think might explain the prevalence of work
appliances in these regions compared to others?
19. Vendor Dominance
90% of devices worldwide are produced by only 100 vendors!
Three major of game console:
Microsoft, Sony, Nintendu.
Voice assistant:
Amazon Echo and Google Home
Discussion: How do you see these results usefull in case of IoT lonegvity?
20. Regional Distribution of IoT Devices
• Device Preferences
• Vendor Dominance
• Market Implications
Security challenges vary per region depending
on device preferences!
21. Security is hard to measure in such a heterogeneous ecosystem
North America: Smallest Vulnerable of Telnet Devices!
Western Europe: only 14% of FTP devices support weak credentials!
Sub-Saharan Africa: More than 55% are weak!
Southeast Asia: more than half of devices have a guessable password!
Weak Credentials
22. What strategies can be employed to address these
regional differences in weak credential usage?
23. What is the Role of Major Vendors in Security and Longevity?
Today, I'd like to take you through the key points we'll be covering in our discussion. Here's a brief overview of the table of contents for our presentation:
First and foremost, let's clarify what we mean by IoT in this study. Simply put, we're talking about the growing trend of everyday objects in our homes being connected to the internet. These can range from smart thermostats to security cameras and everything in between.
By keeping in this mind, lets move on the next step in this research.
Before we continue, let me ask you a question: How many IoT devices do you think there are in 2024?
Lets see some statistics that are updated as of today.
As we can see, this widespread adoption has clearly a big impact on day to day life.
The researchers in this paper utilized Avast for several reasons.
Firstly, Avast enabled them to perform internal network scans, helping identify all devices connected to the network.
Secondly, Avast facilitated the detection of weak security measures, such as default credentials, across these devices.
Additionally, Avast's capabilities allowed the researchers to assess the vulnerability of devices to known recent Common Vulnerabilities and Exposures (CVEs), including exploits like EternalBlue.
EternalBlue—a leaked NSA exploit targeting SMB on Windows that was primarily responsible for the WannaCry outbreak that impacted millions of Windows devices in 2017
The Avast WiFi Inspector works by checking the ports that devices on your network are using. Different types of devices often use specific ports by default. For example, if it finds ports like 80, 443, 23, and 53, it might mean there's a router in your network. On the other hand, ports like 21, 22, and 23 could indicate the presence of surveillance cameras. This method helps quickly identify the types of devices connected to your network based on the ports they use.
They categorize each device into specific groups, and there are 14 categories in total.
In this step, they use special rules, kind of like patterns, to classify each device. For example:
If a device appears through DHCP and matches the pattern for a Samsung Network Printer, it's labeled as a Printer.
Devices found through mDNS with a name like NanoLeaf are categorized as Lighting.
Those detected via UPnP with a device type containing "hub2" are labeled as IoT Hubs.
Devices recognized through HTTP with a title mentioning Polycom are categorized as VoIP Phones.
These rules help to easily sort devices into specific categories based on how they appear on the network.
Shodan, Nmap, ML.
Here's an easy summary of the methodology:
Devices are categorized into one of 14 classes based on their vendor.
Finally, they tested the system on 1,000 devices they hadn't seen before.
In North America, more than two-thirds of households, specifically 66.3%, have adopted IoT devices.
For instance, in North America, approximately 66.3% of homes have at least one IoT device, with a median of 7 devices per household.
In contrast, South Asia has lower adoption rates, with only 8.7% of homes having IoT devices, and on average, each household has 2 such devices.
The problem is 2-3 is present only pc and router!
Regional Variations: The types and popularity of IoT devices fluctuate across worldwide areas, reflecting varying consumer tastes and technology infrastructures.
As we discuses we saw that everyone has a different opinion regarding the most popular category of IoT devices.
However, this also really happens when are talking about different region in the world.
Media: TV & Stream devices
Localized Security Awareness Campaigns:
Vendor Collaboration and Standards:
Regional Partnerships:
Continuous Monitoring and Vulnerability Management:
Education and Training Programs:
Work Appliances:
Economic factor
Work colture
Technology access
Government policy
etc
Device Preferences:
The varying popularity of different device types across locations demonstrates the impact of cultural, economic, and technological factors on consumer decisions. Vendor Dominance:
Identifying significant suppliers and their regional distribution provides insights into the competitive landscape and market dynamics that influence worldwide IoT device adoption. Market Implications:
Understanding regional distribution trends is critical for firms and governments developing strategies that are responsive to specific market demands and regulatory settings.
Regions vary in terms of IoT device vulnerability.
North America has the smallest vulnerable population of Telnet devices, and only 14% of FTP devices in Western Europe support weak credentials.
However, we learned that more than 55% of FTP devices in Sub-Saharan Africa are weak;
and more than half of the devices in Southeast Asia that support FTP have a guessable password.
Education and Awareness:
Raise awareness among users about the importance of strong and unique passwords.
Educate users on the risks associated with default or weak credentials.
Default Credential Management:
Manufacturers should implement secure default credentials for their devices.
Encourage users to change default passwords immediately upon device installation.
Multi-Factor Authentication (MFA):
Implement MFA wherever possible to add an additional layer of security.
Even if weak credentials are compromised, MFA can prevent unauthorized access.
Regular Password Updates:
Encourage users to regularly update passwords for their IoT devices.
Implement notifications or reminders for users to change passwords periodically.
Network Segmentation:
Segment the home network to isolate IoT devices from critical systems.
Limit the potential impact of a compromised IoT device by restricting its access.
Firmware and Software Updates:
Ensure that IoT devices receive regular firmware and software updates.
Updates often include security patches and improvements that can mitigate vulnerabilities.
Intrusion Detection and Prevention Systems (IDPS):
Implement IDPS to detect and block unauthorized access attempts.
Set up alerts for suspicious activities related to weak credential usage.
Geographical Access Controls:
Implement access controls based on geographic locations, restricting access to IoT devices from specific regions known for high malicious activity.
Collaboration and Information Sharing:
Foster collaboration between security organizations, manufacturers, and users to share information about emerging threats and best practices.
Regulatory Measures:
Advocate for and comply with regulatory measures that enforce strong security practices for IoT devices.
Vendor Responsibility: Major vendors play an important role in addressing security vulnerabilities by installing strong security features, providing timely updates, and maintaining open communication with customers. Collaboration between vendors and security professionals is critical for improving IoT security, which includes threat intelligence sharing, vulnerability disclosure programs, and coordinated initiatives to tighten security standards. Consumer Trust and Confidence: Proactive engagement with consumers to prioritize security and privacy builds trust and confidence in IoT products and services, resulting in a safe and resilient IoT ecosystem.
Understanding the constantly changing nature of IoT security concerns is critical for anticipating emerging threats and vulnerabilities. Strategies for anticipating and managing future IoT security risks should include proactive risk assessment, adaptive security measures, and constant monitoring to keep ahead of changing threat environments. Regulatory Considerations: Working with regulatory organizations to establish future security standards and compliance requirements is critical to creating a safe and trustworthy IoT environment.
