Analysis of Vulnerabilities of Internet of Things (IoT) Devices Online
Grade Level at Time of Presentation
Senior
Major
Information Communication Technology
Minor
Communications
Institution
University of Kentucky
KY House District #
6
KY Senate District #
4
Faculty Advisor/ Mentor
Sherali Zeadally
Department
Information Communication Technology, School of Information Science, College of Communication and Information
Abstract
In the last decade, we have witnessed an exponential growth in various types of devices (smartphones, wearable devices, smart televisions, and so on) which have become an integral part of our daily lives. Advances in hardware and software technologies have made many of these devices smaller, more powerful and affordable. The majority of devices incorporate networking and sensing technologies that enable them to communicate and exchange information with other networked objects also referred to as the Internet of Things (IoT). IoT systems and devices have been deployed in various application domain including the home, agriculture, transportation, military, industry, and many other sectors. The connectivity of IoT devices to the Internet make them vulnerable to attackers if they are not properly configured and secured. Using an IoT search engine called Shodan along with Common Vulnerabilities and Exposures (CVE’s), we investigated and analyzed various vulnerabilities (such as public key disclosure, buffer overflow, insecure Wi-Fi, unauthenticated router access) associated with IoT devices currently being used in critical infrastructures (e.g., industrial control systems), home IoT (e.g., web cameras) and networking devices (e.g., routers). Our results revealed that over 153,280,000 IoT devices are connected to the Internet in the United States out of which at least 3,200,000 are vulnerable to future attacks. In the State of Kentucky, over 525,000 devices IoT devices are connected to the Internet at least 2,100 were found to be vulnerable. Most of the vulnerabilities were associated with routers, and the Secure Shell (SSH) protocol. The outcomes of this work shed light on how vulnerable current IoT devices are and the importance of securing them in order to mitigate future cyberattacks.
Analysis of Vulnerabilities of Internet of Things (IoT) Devices Online
In the last decade, we have witnessed an exponential growth in various types of devices (smartphones, wearable devices, smart televisions, and so on) which have become an integral part of our daily lives. Advances in hardware and software technologies have made many of these devices smaller, more powerful and affordable. The majority of devices incorporate networking and sensing technologies that enable them to communicate and exchange information with other networked objects also referred to as the Internet of Things (IoT). IoT systems and devices have been deployed in various application domain including the home, agriculture, transportation, military, industry, and many other sectors. The connectivity of IoT devices to the Internet make them vulnerable to attackers if they are not properly configured and secured. Using an IoT search engine called Shodan along with Common Vulnerabilities and Exposures (CVE’s), we investigated and analyzed various vulnerabilities (such as public key disclosure, buffer overflow, insecure Wi-Fi, unauthenticated router access) associated with IoT devices currently being used in critical infrastructures (e.g., industrial control systems), home IoT (e.g., web cameras) and networking devices (e.g., routers). Our results revealed that over 153,280,000 IoT devices are connected to the Internet in the United States out of which at least 3,200,000 are vulnerable to future attacks. In the State of Kentucky, over 525,000 devices IoT devices are connected to the Internet at least 2,100 were found to be vulnerable. Most of the vulnerabilities were associated with routers, and the Secure Shell (SSH) protocol. The outcomes of this work shed light on how vulnerable current IoT devices are and the importance of securing them in order to mitigate future cyberattacks.