Preprint Technical Note Version 2 This version is not peer-reviewed

Detecting IoT Devices and How They Put Large Heterogeneous Networks at Security Risk

Version 1 : Received: 27 August 2019 / Approved: 28 August 2019 / Online: 28 August 2019 (14:23:11 CEST)
Version 2 : Received: 12 September 2019 / Approved: 15 September 2019 / Online: 15 September 2019 (02:55:36 CEST)

A peer-reviewed article of this Preprint also exists.

Journal reference: Sensors 2019, 19, 4107
DOI: 10.3390/s19194107

Abstract

The introduction of the Internet of Things (IoT), i.e. the interconnection of embedded devices over the Internet, has changed the world we live in from the way we measure, make calls, print information and even the way we get energy in our offices or homes. The convenience of IoT products, like CCTV cameras, IP phones, and oscilloscopes, is overwhelming for end-users. In parallel, however, security issues have emerged and it is essential for infrastructure providers to assess the associated security risks. In this paper, we propose a novel method to detect IoT devices and identify the manufacturer, device model, and the firmware version currently running on the device using the page source from the web user interface. We performed automatic scans of the large-scale network at the European Organization for Nuclear Research (CERN) to evaluate our approach. Our tools identified 233 IoT devices that fell into eleven distinct device categories and included 49 device models manufactured by 26 vendors from across the world.

Subject Areas

Internet of Things; security; vulnerabilities and protective measures; control network security; operation in multi-user environments; risk assessment

Comments (1)

Comment 1
Received: 15 September 2019
Commenter: Sharad Agarwal
Commenter's Conflict of Interests: Author
Comment: The last line of the abstract has been removed. The contributions section has been revised. There are 3 new figures added in the revised version with more details about the methodology. We also added details about the registration of the device on the CERN network and explaining that the tools can be used by anyone in any organization or individual. We also added a line in the acknowledgment section. There are some more minor grammatical and bibliography changes done.
+ Respond to this comment

We encourage comments and feedback from a broad range of readers. See criteria for comments and our diversity statement.

Leave a public comment
Send a private comment to the author(s)
Views 0
Downloads 0
Comments 1
Metrics 0


×
Alerts
Notify me about updates to this article or when a peer-reviewed version is published.