1. Open for hire: attack trends and misconfiguration pitfalls of IoT devices
- Author
Shreyas Srinivasa, Jens Myrup Pedersen, and Emmanouil Vasilomanolakis
- Subjects
Password, IoT, Honeypot, Exploit, Computer science, computer.internet_protocol, Network telescope, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Denial-of-service attack, security, Computer security, computer.software_genre, IPv4, deception, Attack model, cyber-security, fingerprinting, Universal Plug and Play, computer, honeypot
- Abstract
Mirai and its variants have demonstrated the ease and devastating effects of exploiting vulnerable Internet of Things (IoT) devices. In many cases, the exploitation vector is not sophisticated; rather, adversaries exploit misconfigured devices (e.g. unauthenticated protocol settings or weak/default passwords). Our work aims at unveiling the state of IoT devices along with an exploration of the current attack landscape. In this paper, we perform an Internet-level IPv4 scan to unveil 1.8 million misconfigured IoT devices that may be exploited to perform large-scale attacks. These results are filtered to exclude a total of 8,192 devices that we identify as honeypots during our scan. To study current attack trends, we deploy six state-of-art IoT honeypots for a period of 1 month. We gather a total of 200,209 attacks and investigate how adversaries leverage misconfigured IoT devices. In particular, we study different attack types, including denial of service, multistage attacks and attacks from infected online hosts. Furthermore, we analyze data from a /8 network telescope covering a total of 81 billion requests towards IoT protocols (e.g. CoAP, UPnP). Combining knowledge from the aforementioned experiments, we identify 11,118 IP addresses (that are part of the detected misconfigured IoT devices) that attacked our honeypot setup and the network telescope.
- Published
2021