iot devices on home networks all things considered: an ... al things considered/summary...what the...
TRANSCRIPT
Research HighlightsAll Things Considered: an Analysis of
IoT Devices on Home Networks
1
2
All Things Considered: An Analysis of IoT Devices on Home Networks
Deepak Kumar, University of Illinois at Urbana-Champaign;
Kelly Shen and Benton Case, Stanford University;
Deepali Garg, Galina Alperovich, Dmitry Kuznetsov, and
Rajarshi Gupta, Avast Software s.r.o.;
Zakir Durumeric, Stanford University
The paper will be presented at Usenix Security Symposium in August
Device distribution
Stanford University and Avast joint research to understand what the smart homes of the world look like today.
Analyzing home network data from:
83 million devices in 16 million homes_
Goal3
IoT distribution
Vendor landscape Vulnerabilities in home devices
4
Methodology
● 290M Avast PC Users● 55M use Wi-Fi Inspector ● 16M scans in December 2018
Wi-Fi Inspector
Scans home network and the devices connected to it
Consent to participate in research 5
6
How much data do we have?
Global United States
Number of households 15.5M 1.0M
Network devices 18.1M 1.4M
Computers 24.4M 1.6M
Phones 23.3M 1.9M
IoT devices 9.5M 1.9M
Shape of a Modern Home
7
Globally one third of homes have an IoT device8
9
66% of homes in N. America have at least one IoT device
25% of homes in N. America have 3 or more IoT devices
25% of homes in North America have more than 2 devices
9% of homes in N. America have 5 or more IoT devices
IoT adoption varies significantly across world regions10
IoT Analysis
11
Globally one third of homes have an IoT device12
13
Varied regional preferences for IoT devices
100 manufacturers account for over 90% of devices14
While we saw more than 14,000 manufacturers, 94% of devices were made by the top 100 vendors
94%
Game Console: Little Regional Variance in Vendors
North America
Vendor %
Microsoft 39%
Nintendo 19%
Azurewave 11%
Sony 9%
Honhai 8%
Other 14%
Western + Northern Europe
Vendor %
Microsoft 30%
Nintendo 22%
Sony 14%
Honhai 11%
Azurewave 8%
Other 15%
South East Asia
Vendor %
Microsoft 44%
Nintendo 11%
Honhai 11%
Azurewave 10%
Sony 6%
Other 18%
Media Devices: Major Regional Variance in Vendors
North America
Vendor %
Roku 17%
Amazon 10%
Samsung 9%
Apple 5%
Google 5%
Other 54%
Western + Northern Europe
Vendor %
Sagem 15%
Samsung 14%
Freebox 9%
Google 6%
Azurewave 8%
Other 15%
South East Asia
Vendor %
Samsung 19%
Honhai 10%
ZTE 10%
LG 10%
Wistron Neweb 4%
Other 47%
Routers: Major Regional Variance in Vendors
North America
Vendor %
Arris 16%
Cisco 8%
Sagem 5%
Actiontec 4%
TP-Link 4%
Other 63%
Western + Northern Europe
Vendor %
Sagem 18%
Freebox 9%
AVM 5%
Huawei 5%
TP-Link 3%
Other 60%
South East Asia
Vendor %
TP-Link 18%
Huawei 14%
ZTE 12%
Fiberhome 5%
Mikrotic 4%
Other 47%
Vulnerabilities
18
Open FTP and weak FTP credentials are prevalent19
8.7%
Nearly 20% of work appliances have open Telnet20
Open and weak HTTP credentials are very common: Case study of one popular router vendor
21
Regional Analysis
22
23
North American Device Distribution
24
Central and South America Distribution of Devices
25
Western and Northern Europe Distribution of Devices
26
Eastern and Southern Europe Distribution of Devices
27
East Asia Distribution of Devices
Country Analysis
28
29
United States Device Distribution
30
Mexico Device Distribution
31
Argentina Device Distribution
32
Brazil Device Distribution
33
Great Britain Device Distribution
34
France Device Distribution
35
Germany Device Distribution
36
Czech Republic Device Distribution
37
Russia Device Distribution
38
Japan Device Distribution