Preserved in Portico This version is not peer-reviewed
Detecting IoT Devices and How They Put Large Heterogeneous Networks at Security Risk
: Received: 27 August 2019 / Approved: 28 August 2019 / Online: 28 August 2019 (14:23:11 CEST)
: Received: 12 September 2019 / Approved: 15 September 2019 / Online: 15 September 2019 (02:55:36 CEST)
A peer-reviewed article of this Preprint also exists.
Journal reference: Sensors 2019, 19, 4107
The introduction of the Internet of Things (IoT), i.e., the interconnection of embedded devices over the Internet, has changed the world we live in from the way we measure, make calls, print information and even the way we get energy in our offices or homes. The convenience of IoT products, like CCTV cameras, IP phones, and oscilloscopes, is overwhelming for end-users. In parallel, however, security issues have emerged and it is essential for infrastructure providers to assess the associated security risks. In this paper, we propose a novel method to detect IoT devices and identify the manufacturer, device model, and the firmware version currently running on the device using the page source from the web user interface. We performed automatic scans of the large-scale network at the European Organization for Nuclear Research (CERN) to evaluate our approach. Our tools identified 233 IoT devices that fell into eleven distinct device categories and included 49 device models manufactured by 26 vendors. This serves as the basis for automatic vulnerability assessment to be presented in a future paper.
Internet of Things; security; vulnerabilities and protective measures; control network security; operation in multi-user environments; risk assessment
MATHEMATICS & COMPUTER SCIENCE, Other
This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
We encourage comments and feedback from a broad range of readers. See criteria for comments and our diversity statement.