In this paper, we provide the first large-scale empirical analysis of IoT devices in real-world homes by leveraging data collected from user-initiated network scans of 83M devices in 16M households. We find that IoT adoption is widespread: on several continents, more than half of households already have at least one IoT device. Device types and manufacturer popularity vary dramatically across regions. For example, while nearly half of North American homes have an Internet-connected television or streaming device, less than three percent do in South Asia where the majority of devices are surveillance cameras. We investigate the security posture of devices, detailing their open services, weak default credentials, and vulnerability to known attacks. Device security similarly varies geographically, even for specific manufacturers. For example, while less than 17% of TP-Link home routers in North America have guessable passwords, nearly half do in Eastern Europe and Central Asia. We argue that IoT devices are here, but for most homes, the types of devices adopted are not the ones actively discussed. We hope that by shedding light on this complex ecosystem, we help the security community develop solutions that are applicable to today's homes.
2. Table of Content
IoT Device Adoption and Distribution Security Posture of IoT Devices
Addressing IoT Security Challenges Future of IoT Security
3. IoT Definition
✓ smart televisions
✓ surveillance cameras
✓ work appliances
✓ home assistants
✓ etc.
• The widespread adoption of Internet-connected embedded devices in real-world homes
4. What is your estimate for the number of IoT devices in 2024?
5. Global Adoption of IoT Devices
• Widespread Adoption
• Impact on Daily Life
6. Avast Wifi Inspector
Perform internal network scans and checks devices for weak security
● Device identification
● Weak default credentials
● Vulnerability to known recent CVEs
○ EthernalBlue
7. Avast Wifi Inspector: Discovering Process
Open
Services
80,443,
23,53
21,22,23
80, 443,
1900,23
Port Service
23 Telnet
22 SSH
21 FTP
1900 UPnP
80 HTTP
443 HTTPS
8. Avast Wi-Fi Inspector: DeviceID Classes
Device Classes
Computer Router
Mobile Device Wearable
Game Console Home Automation
Storage Surveillance
Work Appliance(printer) Voice Assistant
Vehicle Media(TV & streamer)
Home Appliance Generic IoT(Toothbrush)
9. Network Rules
Protocol Field Pattern Type
DHCP ClassID (?i)SAMSUNG[-:_] Network[-:_]Printer Printer
mDNS Name (?i)_nanolead(?:api|ms)?.tcp.local. Lighting
UPnP Device Type .*hub2.* IoT Hub
HTTP Title (?i)Polycom – (?:SoundPoint IP) ? (?:SoundPoint IP)? VoIP Phone
10. What is the problem of this method?
Do you know any other alternative solutions?
11. Methodology
Determine device vendor, fit device into one of 14 device classes
● Network Rules(regex)
● Supervised ML
● Dataset: 15.5 Million homes, including 83 million devices
across 11 geographic regions.
● Trained on 500k Devices from real world scans
● 300K Labels from network rules
● 200K Manually labeled
● Tested on a set of 1k manually labeled unseen devices.
● Results: Accuracy: 96 , F1 Score: 0.8
12. Homes w/ IoT Devices
Region % Homes w/ IoT Device Median Devices per home
North America 66.3% 7
Western Europe 53.5% 4
Oceania 49.2 4
Central + South America 31.7 4
East Asia 30.8 3
Eastern Europe 25.2 3
Southeast Asia 21.7 4
Sub-Saharan Africa 19.7 3
North Africa/Middle East 19.1 3
Central Asia 17.3 2
South Asia 8.7 2
Discussion: What problems do you detect in the outcome statistics?!
13. What do you think regional variation indicates?
14. What do you believe is the most popular category of IoT devices?
15. Homes w/ IoT Devices
Device Type % of North American Homes
Media 43%
Work Appliance(ex, printer) 33%
Gaming Console 16%
Voice Assistant 10%
Surveillance 4%
Storages(NAS) 3%
Home Automation(ex. Nest) 3%
Wearable(Ex: Watch) 0.2%
Other IoT 0.4%
16. How can the security community work towards improving the
security of devices in these smaller regions while considering the
preferences for different vendors and device types?
17. Results
Home automation and voice assistants are only
prevalent (>1% of homes) in North America,
Western Europe, and Oceania.
Work Appliances are the most common device
type in East Asia/Sub-Saharan Africa.
2
Media devices are the most popular device
type in 7 of 11 regions
1
3
18. What factors do you think might explain the prevalence of work
appliances in these regions compared to others?
19. Vendor Dominance
❖ 90% of devices worldwide are produced by only 100 vendors!
❖ Three major of game console:
Microsoft, Sony, Nintendu.
❖ Voice assistant:
Amazon Echo and Google Home
Discussion: How do you see these results usefull in case of IoT lonegvity?
20. Regional Distribution of IoT Devices
• Device Preferences
• Vendor Dominance
• Market Implications
❖ Security challenges vary per region depending
on device preferences!
21. Security is hard to measure in such a heterogeneous ecosystem
North America: Smallest Vulnerable of Telnet Devices!
Western Europe: only 14% of FTP devices support weak credentials!
Sub-Saharan Africa: More than 55% are weak!
Southeast Asia: more than half of devices have a guessable password!
Weak Credentials
22. What strategies can be employed to address these
regional differences in weak credential usage?
23. What is the Role of Major Vendors in Security and Longevity?