Research HighlightsAll Things Considered: an Analysis of

IoT Devices on Home Networks

1

2

All Things Considered: An Analysis of IoT Devices on Home Networks

Deepak Kumar, University of Illinois at Urbana-Champaign;

Kelly Shen and Benton Case, Stanford University;

Deepali Garg, Galina Alperovich, Dmitry Kuznetsov, and

Rajarshi Gupta, Avast Software s.r.o.;

Zakir Durumeric, Stanford University

The paper will be presented at Usenix Security Symposium in August

Device distribution

Stanford University and Avast joint research to understand what the smart homes of the world look like today.

Analyzing home network data from:

83 million devices in 16 million homes_

Goal3

IoT distribution

Vendor landscape Vulnerabilities in home devices

4

Methodology

● 290M Avast PC Users● 55M use Wi-Fi Inspector ● 16M scans in December 2018

Wi-Fi Inspector

Scans home network and the devices connected to it

Consent to participate in research 5

6

How much data do we have?

Global United States

Number of households 15.5M 1.0M

Network devices 18.1M 1.4M

Computers 24.4M 1.6M

Phones 23.3M 1.9M

IoT devices 9.5M 1.9M

Shape of a Modern Home

7

Globally one third of homes have an IoT device8

9

66% of homes in N. America have at least one IoT device

25% of homes in N. America have 3 or more IoT devices

25% of homes in North America have more than 2 devices

9% of homes in N. America have 5 or more IoT devices

IoT adoption varies significantly across world regions10

IoT Analysis

11

Globally one third of homes have an IoT device12

13

Varied regional preferences for IoT devices

100 manufacturers account for over 90% of devices14

While we saw more than 14,000 manufacturers, 94% of devices were made by the top 100 vendors

94%

Game Console: Little Regional Variance in Vendors

North America

Vendor %

Microsoft 39%

Nintendo 19%

Azurewave 11%

Sony 9%

Honhai 8%

Other 14%

Western + Northern Europe

Vendor %

Microsoft 30%

Nintendo 22%

Sony 14%

Honhai 11%

Azurewave 8%

Other 15%

South East Asia

Vendor %

Microsoft 44%

Nintendo 11%

Honhai 11%

Azurewave 10%

Sony 6%

Other 18%

Media Devices: Major Regional Variance in Vendors

North America

Vendor %

Roku 17%

Amazon 10%

Samsung 9%

Apple 5%

Google 5%

Other 54%

Western + Northern Europe

Vendor %

Sagem 15%

Samsung 14%

Freebox 9%

Google 6%

Azurewave 8%

Other 15%

South East Asia

Vendor %

Samsung 19%

Honhai 10%

ZTE 10%

LG 10%

Wistron Neweb 4%

Other 47%

Routers: Major Regional Variance in Vendors

North America

Vendor %

Arris 16%

Cisco 8%

Sagem 5%

Actiontec 4%

TP-Link 4%

Other 63%

Western + Northern Europe

Vendor %

Sagem 18%

Freebox 9%

AVM 5%

Huawei 5%

TP-Link 3%

Other 60%

South East Asia

Vendor %

TP-Link 18%

Huawei 14%

ZTE 12%

Fiberhome 5%

Mikrotic 4%

Other 47%

Vulnerabilities

18

Open FTP and weak FTP credentials are prevalent19

8.7%

Nearly 20% of work appliances have open Telnet20

Open and weak HTTP credentials are very common: Case study of one popular router vendor

21

Regional Analysis

22

23

North American Device Distribution

24

Central and South America Distribution of Devices

25

Western and Northern Europe Distribution of Devices

26

Eastern and Southern Europe Distribution of Devices

27

East Asia Distribution of Devices

Country Analysis

28

29

United States Device Distribution

30

Mexico Device Distribution

31

Argentina Device Distribution

32

Brazil Device Distribution

33

Great Britain Device Distribution

34

France Device Distribution

35

Germany Device Distribution

36

Czech Republic Device Distribution

37

Russia Device Distribution

38

Japan Device Distribution