Poster Title

Analysis of Vulnerabilities of Internet of Things (IoT) Devices Online

Grade Level at Time of Presentation

Senior

Major

Information Communication Technology

Minor

Communications

Institution

University of Kentucky

KY House District #

6

KY Senate District #

4

Department

Information Communication Technology, School of Information Science, College of Communication and Information

Abstract

In the last decade, we have witnessed an exponential growth in various types of devices (smartphones, wearable devices, smart televisions, and so on) which have become an integral part of our daily lives. Advances in hardware and software technologies have made many of these devices smaller, more powerful and affordable. The majority of devices incorporate networking and sensing technologies that enable them to communicate and exchange information with other networked objects also referred to as the Internet of Things (IoT). IoT systems and devices have been deployed in various application domain including the home, agriculture, transportation, military, industry, and many other sectors. The connectivity of IoT devices to the Internet make them vulnerable to attackers if they are not properly configured and secured. Using an IoT search engine called Shodan along with Common Vulnerabilities and Exposures (CVE’s), we investigated and analyzed various vulnerabilities (such as public key disclosure, buffer overflow, insecure Wi-Fi, unauthenticated router access) associated with IoT devices currently being used in critical infrastructures (e.g., industrial control systems), home IoT (e.g., web cameras) and networking devices (e.g., routers). Our results revealed that over 153,280,000 IoT devices are connected to the Internet in the United States out of which at least 3,200,000 are vulnerable to future attacks. In the State of Kentucky, over 525,000 devices IoT devices are connected to the Internet at least 2,100 were found to be vulnerable. Most of the vulnerabilities were associated with routers, and the Secure Shell (SSH) protocol. The outcomes of this work shed light on how vulnerable current IoT devices are and the importance of securing them in order to mitigate future cyberattacks.

This document is currently not available here.

Share

COinS
 

Analysis of Vulnerabilities of Internet of Things (IoT) Devices Online

In the last decade, we have witnessed an exponential growth in various types of devices (smartphones, wearable devices, smart televisions, and so on) which have become an integral part of our daily lives. Advances in hardware and software technologies have made many of these devices smaller, more powerful and affordable. The majority of devices incorporate networking and sensing technologies that enable them to communicate and exchange information with other networked objects also referred to as the Internet of Things (IoT). IoT systems and devices have been deployed in various application domain including the home, agriculture, transportation, military, industry, and many other sectors. The connectivity of IoT devices to the Internet make them vulnerable to attackers if they are not properly configured and secured. Using an IoT search engine called Shodan along with Common Vulnerabilities and Exposures (CVE’s), we investigated and analyzed various vulnerabilities (such as public key disclosure, buffer overflow, insecure Wi-Fi, unauthenticated router access) associated with IoT devices currently being used in critical infrastructures (e.g., industrial control systems), home IoT (e.g., web cameras) and networking devices (e.g., routers). Our results revealed that over 153,280,000 IoT devices are connected to the Internet in the United States out of which at least 3,200,000 are vulnerable to future attacks. In the State of Kentucky, over 525,000 devices IoT devices are connected to the Internet at least 2,100 were found to be vulnerable. Most of the vulnerabilities were associated with routers, and the Secure Shell (SSH) protocol. The outcomes of this work shed light on how vulnerable current IoT devices are and the importance of securing them in order to mitigate future cyberattacks.