Open for hire: attack trends and misconfiguration pitfalls of IoT devices

Research output: Contribution to book/anthology/report/conference proceedingArticle in proceedingResearchpeer-review

Abstract

Mirai and its variants have demonstrated the ease and devastating effects of exploiting vulnerable Internet of Things (IoT) devices. In many cases, the exploitation vector is not sophisticated; rather, adversaries exploit misconfigured devices (e.g. unauthenticated protocol settings or weak/default passwords). Our work aims at unveiling the state of IoT devices along with an exploration of the current attack landscape. In this paper, we perform an Internet-level IPv4 scan to unveil 1.8 million misconfigured IoT devices that may be exploited to perform large-scale attacks. These results are filtered to exclude a total of 8,192 devices that we identify as honeypots during our scan. To study current attack trends, we deploy six state-of-art IoT honeypots for a period of 1 month. We gather a total of 200, 209 attacks and investigate how adversaries leverage misconfigured IoT devices. In particular, we study different attack types, including denial of service, multistage attacks and attacks from infected online hosts. Furthermore, we analyze data from a /8 network telescope covering a total of 81 billion requests towards IoT protocols (e.g. CoAP, UPnP). Combining knowledge from the aforementioned experiments, we identify 11, 118 IP addresses (that are part of the detected misconfigured IoT devices) that attacked our honeypot setup and the network telescope.

Original languageEnglish
Title of host publicationIMC '21: Proceedings of the 21st ACM Internet Measurement Conference
Number of pages21
PublisherAssociation for Computing Machinery
Publication dateNov 2021
Pages195-215
ISBN (Electronic)978-1-4503-9129-0
DOIs
Publication statusPublished - Nov 2021
EventIMC '21: Proceedings of the 21st ACM Internet Measurement Conference - Virtuel event
Duration: 2 Nov 20214 Nov 2021

Conference

ConferenceIMC '21: Proceedings of the 21st ACM Internet Measurement Conference
CityVirtuel event
Period02/11/202104/11/2021

Keywords

  • IoT
  • honeypot
  • security
  • cyber-security
  • deception
  • fingerprinting

Fingerprint

Dive into the research topics of 'Open for hire: attack trends and misconfiguration pitfalls of IoT devices'. Together they form a unique fingerprint.

Cite this