Detecting IoT Devices and How They Put Large Heterogeneous Networks at Security Risk
Abstract
1. Introduction
1.1. Contributions
- We developed two tools, the “NetScanIoT” tool and the “Web-IoT Detection (WID)” tool:
  - The “NetScanIoT” tool detects IoT devices on a large heterogeneous network and is able to detect 20 categories of IoT devices;
  - The “Web-IoT Detection (WID)” tool identifies the manufacturer name, model, and firmware versions of the respective IoT device. It is able to identify 92.45% of IoT device models and 100% of IoT devices that have a web user interface;
- We implemented a manual security assessment of 20 categories of devices that were identified by our “NetScanIoT” tool on the highly heterogeneous, large-scale network at CERN.
1.2. Related Work
2. Materials and Methods
2.1. Identification
2.1.1. NetScanIoT Tool
2.1.2. Web-IoT Detection (WID) Tool
- IP-address and the host name of the device;
- Web page availability of the device;
- Category of device identified;
- Manufacturer/Vendor name;
- Model name;
- Firmware version.
2.2. Vulnerability Assessment
3. Results
3.1. Evaluation of Tools
3.2. Vulnerability Assessment Results
4. Discussion
5. Conclusions
Author Contributions
Funding
Acknowledgments
Conflicts of Interest
Abbreviations
IoT | Internet of Things |
WID | Web-IoT Detection |
CERN | European Organization for Nuclear Research |
LHC | Large Hadron Collider |
DUT | Device Under Test |
PLC | Programmable Logic Controller |
ENISA | European Union Agency for Network and Information Security |
NIS | Network Information Security |
UI | User Interface |
NAS | Network Attached Storage |
MLC | Media Layer Controller |
IP | Internet Protocol |
MAC | Media Access Control |
HTTP | Hypertext Transfer Protocol |
SSH | Secure Shell |
CCTV | Closed-Circuit Television |
OWASP | Open Web Application Security Project |
SIP | Session Initiation Protocol |
RTSP | Real-Time Streaming Protocol |
URL | Uniform Resource Locator |
LHCb | Large Hadron Collider beauty |
CMS | Compact Muon Solenoid |
Sample Availability: The source code sample will be available from the authors Sharad Agarwal and Pascal Oser after the completion of the PhD of Pascal Oser, in 2020.
Category | Model | Manufacturer | Quantity | City, Country of Manufacturer |
---|---|---|---|---|
Matrox | Matrox Monarch HD | Matrox | 26 | Dorval, QC, Canada |
Matrox | Matrox LCS | Matrox | 2 | Dorval, QC, Canada |
Telepresence | SX20 | Cisco | 23 | San Jose, CA, USA |
Telepresence | C20/40 | Cisco | 10 | San Jose, CA, USA |
Oscilloscope | Tektronix | Tektronix | 3 | Beaverton, OR, USA |
Oscilloscope | Lecroy | Teledyne Lecroy | 3 | New York, USA |
Oscilloscope | Keysight53230A | Keysight Technologies | 3 | Santa Rosa, CA, USA |
IP Phone | Polycom | Polycom | 2 | San Jose, CA, USA |
IP Phone | Cisco | Cisco | 2 | San Jose, CA, USA |
IP Phone | FLX | Revolabs | 1 | Sudbury, MA, USA |
IP Phone | Yealink | Yealink | 1 | Xiamen, China |
NAS | Diskstation | Synology | 24 | Taipei, Taiwan |
Printer | Color Laserjet M553 | Hewlett Packard | 5 | Palo Alto, CA, USA |
Printer | Laserjet 500 color | Hewlett Packard | 4 | Palo Alto, CA, USA |
Printer | Color Laserjet m750 | Hewlett Packard | 2 | Palo Alto, CA, USA |
Printer | Laserjet 2430 | Hewlett Packard | 3 | Palo Alto, CA, USA |
Printer | 3130 cn | Dell | 2 | Round Rock, Texas, USA |
Printer | DCP-L | Brothers | 2 | Aichi Prefecture, Japan |
Printer | HL-5470 | Brothers | 1 | Aichi Prefecture, Japan |
Printer | HL-3070CW | Brothers | 1 | Aichi Prefecture, Japan |
Printer | mfc-8370 dn | Brothers | 1 | Aichi Prefecture, Japan |
Printer | Color Laserjet mfp m277 | Hewlett Packard | 3 | Palo Alto, CA, USA |
Printer | Laserjet cp1525N | Hewlett Packard | 1 | Palo Alto, CA, USA |
Printer | Color Laserjet cm1312nfi mfp | Hewlett Packard | 1 | Palo Alto, CA, USA |
Printer | Laserjet 400 m401 | Hewlett Packard | 1 | Palo Alto, CA, USA |
Printer | Star Asura | Star POS Printing Soln. | 3 | Shizuoka, Japan |
Printer | HP envy | Hewlett Packard | 3 | Palo Alto, CA, USA |
Printer | Photosmart plus printer | Hewlett Packard | 2 | Palo Alto, CA, USA |
Printer | Designjet T120 | Hewlett Packard | 2 | Palo Alto, CA, USA |
Printer | Epson wf-3720 series | Epson | 1 | Nagano Prefecture, Japan |
Printer | zebra zbr3878142 | Zebra | 1 | Illinois, USA |
Printer | sws/syncthru | Samsung | 2 | Seoul, South Korea |
Printer | Officejet pro l7700 | Hewlett Packard | 1 | Palo Alto, CA, USA |
Infoscreens | GM F420SEA F470S/GM F420S | JVC | 9 | Kanagawa Prefecture, Japan |
CCTV Camera | cc8370 | Vivotek | 11 | New Taipei City, Taiwan |
CCTV Camera | ip8365eh | Vivotek | 9 | New Taipei City, Taiwan |
CCTV Camera | Flexidome ip corner 9000 mp | Bosch | 6 | Gerlingen, Germany |
CCTV Camera | M1114 | Axis | 2 | Lund, Sweden |
CCTV Camera | q6000-e | Axis | 3 | Lund, Sweden |
CCTV Camera | P5635-E MKII | Axis | 4 | Lund, Sweden |
CCTV Camera | Q24 | Mobotix AG | 3 | Winnweiler, Germany |
CCTV Camera | M24 | Mobotix AG | 2 | Winnweiler, Germany |
CCTV Camera | M25 | Mobotix AG | 6 | Winnweiler, Germany |
CCTV Camera | DCS-910 | D-link | 2 | Taipei, Taiwan |
CCTV Camera | AW-HE60H | Panasonic | 2 | Osaka Prefecture, Japan |
CCTV Camera | SNC-RZ50 | Sony | 1 | Tokyo, Japan |
PLC | Saia | SBC | 10 | Murten, Switzerland |
Arduino | Arduino Yun/Uno | Arduino | 9 | Somerville, MA, USA |
IPMI | ILO | Hewlett Packard | 12 | Palo Alto, CA, USA |
© 2019 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
Agarwal, S.; Oser, P.; Lueders, S. Detecting IoT Devices and How They Put Large Heterogeneous Networks at Security Risk. Sensors 2019, 19, 4107. https://doi.org/10.3390/s19194107