Identifying vulnerabilities of consumer Internet of Things (IoT) devices

A scalable approach

Ryan Williams, Emma McMahon, Sagar Samtani, Mark Patton, Hsinchun Chen

Research output: Chapter in Book/Report/Conference proceedingConference contribution

13 Citations (Scopus)

Abstract

The Internet of Things becomes more defined year after year. Companies are looking for novel ways to implement various smart capabilities into their products that increase interaction between users and other network devices. While many smart devices offer greater convenience and value, they also present new security vulnerabilities that can have a detrimental effect on consumer privacy. Given the societal impact of IoT device vulnerabilities, this study aims to perform a large-scale vulnerability assessment of consumer IoT devices exposed on the Internet. Specifically, Shodan is used to collect a large testbed of consumer IoT devices which are then passed through Nessus to determine whether potential vulnerabilities exist. Results of this study indicate that a significant number of consumer IoT devices are vulnerable to exploits that can compromise user information and privacy.

Original languageEnglish (US)
Title of host publication2017 IEEE International Conference on Intelligence and Security Informatics
Subtitle of host publicationSecurity and Big Data, ISI 2017
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages179-181
Number of pages3
ISBN (Electronic)9781509067275
DOIs
StatePublished - Aug 8 2017
Event15th IEEE International Conference on Intelligence and Security Informatics, ISI 2017 - Beijing, China
Duration: Jul 22 2017Jul 24 2017

Other

Other15th IEEE International Conference on Intelligence and Security Informatics, ISI 2017
CountryChina
CityBeijing
Period7/22/177/24/17

Fingerprint

Testbeds
Internet of things
Vulnerability
Internet
Industry
Privacy
World Wide Web
Interaction
Compromise

Keywords

  • Internet of Things
  • IoT
  • IoT security
  • Nessus
  • vulnerability assessment

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Networks and Communications
  • Information Systems
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality

Cite this

Williams, R., McMahon, E., Samtani, S., Patton, M., & Chen, H. (2017). Identifying vulnerabilities of consumer Internet of Things (IoT) devices: A scalable approach. In 2017 IEEE International Conference on Intelligence and Security Informatics: Security and Big Data, ISI 2017 (pp. 179-181). [8004904] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ISI.2017.8004904

Identifying vulnerabilities of consumer Internet of Things (IoT) devices : A scalable approach. / Williams, Ryan; McMahon, Emma; Samtani, Sagar; Patton, Mark; Chen, Hsinchun.

2017 IEEE International Conference on Intelligence and Security Informatics: Security and Big Data, ISI 2017. Institute of Electrical and Electronics Engineers Inc., 2017. p. 179-181 8004904.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Williams, R, McMahon, E, Samtani, S, Patton, M & Chen, H 2017, Identifying vulnerabilities of consumer Internet of Things (IoT) devices: A scalable approach. in 2017 IEEE International Conference on Intelligence and Security Informatics: Security and Big Data, ISI 2017., 8004904, Institute of Electrical and Electronics Engineers Inc., pp. 179-181, 15th IEEE International Conference on Intelligence and Security Informatics, ISI 2017, Beijing, China, 7/22/17. https://doi.org/10.1109/ISI.2017.8004904
Williams R, McMahon E, Samtani S, Patton M, Chen H. Identifying vulnerabilities of consumer Internet of Things (IoT) devices: A scalable approach. In 2017 IEEE International Conference on Intelligence and Security Informatics: Security and Big Data, ISI 2017. Institute of Electrical and Electronics Engineers Inc. 2017. p. 179-181. 8004904 https://doi.org/10.1109/ISI.2017.8004904
Williams, Ryan ; McMahon, Emma ; Samtani, Sagar ; Patton, Mark ; Chen, Hsinchun. / Identifying vulnerabilities of consumer Internet of Things (IoT) devices : A scalable approach. 2017 IEEE International Conference on Intelligence and Security Informatics: Security and Big Data, ISI 2017. Institute of Electrical and Electronics Engineers Inc., 2017. pp. 179-181
@inproceedings{95eaf75d785642bea1ceea8bac480ead,
title = "Identifying vulnerabilities of consumer Internet of Things (IoT) devices: A scalable approach",
abstract = "The Internet of Things becomes more defined year after year. Companies are looking for novel ways to implement various smart capabilities into their products that increase interaction between users and other network devices. While many smart devices offer greater convenience and value, they also present new security vulnerabilities that can have a detrimental effect on consumer privacy. Given the societal impact of IoT device vulnerabilities, this study aims to perform a large-scale vulnerability assessment of consumer IoT devices exposed on the Internet. Specifically, Shodan is used to collect a large testbed of consumer IoT devices which are then passed through Nessus to determine whether potential vulnerabilities exist. Results of this study indicate that a significant number of consumer IoT devices are vulnerable to exploits that can compromise user information and privacy.",
keywords = "Internet of Things, IoT, IoT security, Nessus, vulnerability assessment",
author = "Ryan Williams and Emma McMahon and Sagar Samtani and Mark Patton and Hsinchun Chen",
year = "2017",
month = "8",
day = "8",
doi = "10.1109/ISI.2017.8004904",
language = "English (US)",
pages = "179--181",
booktitle = "2017 IEEE International Conference on Intelligence and Security Informatics",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
address = "United States",

}

TY - GEN

T1 - Identifying vulnerabilities of consumer Internet of Things (IoT) devices

T2 - A scalable approach

AU - Williams, Ryan

AU - McMahon, Emma

AU - Samtani, Sagar

AU - Patton, Mark

AU - Chen, Hsinchun

PY - 2017/8/8

Y1 - 2017/8/8

N2 - The Internet of Things becomes more defined year after year. Companies are looking for novel ways to implement various smart capabilities into their products that increase interaction between users and other network devices. While many smart devices offer greater convenience and value, they also present new security vulnerabilities that can have a detrimental effect on consumer privacy. Given the societal impact of IoT device vulnerabilities, this study aims to perform a large-scale vulnerability assessment of consumer IoT devices exposed on the Internet. Specifically, Shodan is used to collect a large testbed of consumer IoT devices which are then passed through Nessus to determine whether potential vulnerabilities exist. Results of this study indicate that a significant number of consumer IoT devices are vulnerable to exploits that can compromise user information and privacy.

AB - The Internet of Things becomes more defined year after year. Companies are looking for novel ways to implement various smart capabilities into their products that increase interaction between users and other network devices. While many smart devices offer greater convenience and value, they also present new security vulnerabilities that can have a detrimental effect on consumer privacy. Given the societal impact of IoT device vulnerabilities, this study aims to perform a large-scale vulnerability assessment of consumer IoT devices exposed on the Internet. Specifically, Shodan is used to collect a large testbed of consumer IoT devices which are then passed through Nessus to determine whether potential vulnerabilities exist. Results of this study indicate that a significant number of consumer IoT devices are vulnerable to exploits that can compromise user information and privacy.

KW - Internet of Things

KW - IoT

KW - IoT security

KW - Nessus

KW - vulnerability assessment

UR - http://www.scopus.com/inward/record.url?scp=85030253448&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85030253448&partnerID=8YFLogxK

U2 - 10.1109/ISI.2017.8004904

DO - 10.1109/ISI.2017.8004904

M3 - Conference contribution

SP - 179

EP - 181

BT - 2017 IEEE International Conference on Intelligence and Security Informatics

PB - Institute of Electrical and Electronics Engineers Inc.

ER -