FRANÇAIS
A showcase of ÉTS researchers’ publications and other contributions
SEARCH

A first empirical look on internet-scale exploitations of IoT devices

Galluscio, Mario, Neshenko, Nataliia, Bou-Hard, Elias, Huang, Yongliang, Ghani, Nasir, Crichigno, Jorge and Kaddoum, Georges. 2017. « A first empirical look on internet-scale exploitations of IoT devices ». In IEEE 28th International Symposium on Personal, Indoor and Mobile Radio Communications (PIMRC) (Montreal, QC, Canada, Oct. 8-13, 2017) Piscataway, NJ, USA : IEEE.
Compte des citations dans Scopus : 15.

[thumbnail of Kaddoum G 2017 16003 A first empirical look on internet-scale.pdf]
Preview
PDF
Kaddoum G 2017 16003 A first empirical look on internet-scale.pdf - Accepted Version
Use licence: All rights reserved to copyright holder.

Download (1MB) | Preview

Abstract

Technological advances and innovative business models led to the modernization of the cyber-physical concept with the realization of the Internet of Things (IoT). While IoT envisions a plethora of high impact benefits in both, the consumer as well as the control automation markets, unfortunately, security concerns continue to be an afterthought. Several technical challenges impedes addressing such security requirements, including, lack of empirical data related to various IoT devices in addition to the shortage of actionable attack signatures. In this paper, we present what we believe is a first attempt ever to comprehend the severity of IoT maliciousness by empirically characterizing the magnitude of Internet-scale IoT exploitations. We draw upon unique and extensive darknet (passive) data and develop an algorithm to infer unsolicited IoT devices which have been compromised and are attempting to exploit other Internet hosts. We further perform correlations by leveraging active Internet-wide scanning to identify and report on such IoT devices and their hosting environments. The generated results indicate a staggering 11 thousand exploited IoT devices that are currently in the wild. Moreover, the outcome pinpoints that IoT devices embedded deep in operational Cyber-Physical Systems (CPS) such as manufacturing plants and power utilities are the most compromised. We concur that such results highlight the widespread insecurities of the IoT paradigm, while the actionable generated inferences are postulated to be leveraged for prompt mitigation as well as to facilitate IoT forensic investigations using real empirical data.

Item Type: Conference proceeding
Professor:
Professor
Kaddoum, Georges
Affiliation: Génie électrique
Date Deposited: 28 Nov 2017 16:37
Last Modified: 22 Jan 2020 19:58
URI: https://espace2.etsmtl.ca/id/eprint/16003

Actions (login required)

View Item View Item