Deepak Kumar, University of Illinois at Urbana-Champaign; Kelly Shen and Benton Case, Stanford University; Deepali Garg, Galina Alperovich, Dmitry Kuznetsov, and Rajarshi Gupta, Avast Software s.r.o.; Zakir Durumeric, Stanford University
In this paper, we provide the first large-scale empirical analysis of IoT devices in real-world homes by leveraging data collected from user-initiated network scans of 83M devices in 16M households. We find that IoT adoption is widespread: on several continents, more than half of households already have at least one IoT device. Device types and manufacturer popularity vary dramatically across regions. For example, while nearly half of North American homes have an Internet-connected television or streaming device, less than three percent do in South Asia where the majority of devices are surveillance cameras. We investigate the security posture of devices, detailing their open services, weak default credentials, and vulnerability to known attacks. Device security similarly varies geographically, even for specific manufacturers. For example, while less than 17% of TP-Link home routers in North America have guessable passwords, nearly half do in Eastern Europe and Central Asia. We argue that IoT devices are here, but for most homes, the types of devices adopted are not the ones actively discussed. We hope that by shedding light on this complex ecosystem, we help the security community develop solutions that are applicable to today's homes.
author = {Deepak Kumar and Kelly Shen and Benton Case and Deepali Garg and Galina Alperovich and Dmitry Kuznetsov and Rajarshi Gupta and Zakir Durumeric},
title = {All Things Considered: An Analysis of {IoT} Devices on Home Networks},
booktitle = {28th USENIX Security Symposium (USENIX Security 19)},
year = {2019},
isbn = {978-1-939133-06-9},
address = {Santa Clara, CA},
pages = {1169--1185},
url = {https://www.usenix.org/conference/usenixsecurity19/presentation/kumar-deepak},
publisher = {USENIX Association},
month = aug
}