Who Left the Door Open? Investigating the Causes of Exposed IoT Devices in an Academic Network

Who Left the Door Open? Investigating the Causes of Exposed IoT Devices in an Academic Network

Many studies have discovered internet-facing systems exposing services that are vulnerable to attack. These are often assumed to be misconfigured systems that are not meant to expose these services to the network, especially not in an enterprise network. In this study, we clarify the causes of the p...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Sasaki, Takayuki, Noma, Takaya, Morii, Yudai, Shimura, Toshiya, Eeten, Michel van, Yoshioka, Katsunari, Matsumoto, Tsutomu
Format: Tagungsbericht
Sprache:eng
Schlagworte:
analysis of device manuals
Internet of Things
IoT
Manuals
notifications
Privacy
Security
Surveys
surveys of owners and manufacturers
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 2309
container_issue
container_start_page 2291
container_title
container_volume
creator Sasaki, Takayuki
Noma, Takaya
Morii, Yudai
Shimura, Toshiya
Eeten, Michel van
Yoshioka, Katsunari
Matsumoto, Tsutomu
description Many studies have discovered internet-facing systems exposing services that are vulnerable to attack. These are often assumed to be misconfigured systems that are not meant to expose these services to the network, especially not in an enterprise network. In this study, we clarify the causes of the presence of IoT devices exposing Telnet and FTP in a university enterprise network. This also helps us to understand who is responsible. We scanned the network and found 185 IoT devices consisting of 30 device models exposing Telnet and 49 models exposing FTP. We sent out a security notification and a survey to device owners. The survey demonstrated that 2 out of 21 and 8 out of 41 owners intentionally enabled Telnet and FTP, respectively, on all their devices. After receiving the notification, 38 out of 47 owners said they were willing to take measures on at least one of their IoT devices. All except one of the devices of these willing owners were successfully remediated. When we investigated the manuals of the devices, we were able to confirm that there was no disclosure whatsoever of the exposed service in 15 out of 30 manuals for models with Telnet and 10 out of 49 manuals for models with FTP. We also confirmed, by combining a survey of the manufacturers with the device manuals, that 22 out of 30 and 29 out of 49 devices enabled Telnet and FTP by default, respectively. From the above results, we conclude that the presence of misconfigured devices was less driven by human errors of the owners and more by the choices of the manufacturers. The majority of owners were motivated to remediate the security risks once made aware of them.
doi_str_mv 10.1109/SP54263.2024.00117
format Conference Proceeding
fullrecord <record><control><sourceid>ieee_RIE</sourceid><recordid>TN_cdi_ieee_primary_10646731</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>10646731</ieee_id><sourcerecordid>10646731</sourcerecordid><originalsourceid>FETCH-LOGICAL-i106t-f4ebd6f6a297c05e32471a9383f4a03454f7ec19e63198de66dc2f719b6bead93</originalsourceid><addsrcrecordid>eNotkMFKAzEURaMgWGt_QFzkB6a-5GWSyUpKW7VQrGDFnSUz89JG7aRMxqp_b1FXF86Bs7iMXQgYCgH26vEhV1LjUIJUQwAhzBEbWGMLzAFRIIhj1pNo8kxIMKfsLKVXAAloVY-9PG8in5PveLchPomx5YsdNdd81uwpdWHtutCsf-XYfSRKPHo-_drFRDWfxSWf0D5UBxwa7ho-qlxN21Dxe-o-Y_t2zk68e080-N8-e7qZLsd32XxxOxuP5lkQoLvMKypr7bWT1lSQE0plhLNYoFcOUOXKG6qEJY3CFjVpXVfSG2FLXZKrLfbZ5V83ENFq14ata79Xh7bS5nDBD81SU0o</addsrcrecordid><sourcetype>Publisher</sourcetype><iscdi>true</iscdi><recordtype>conference_proceeding</recordtype></control><display><type>conference_proceeding</type><title>Who Left the Door Open? Investigating the Causes of Exposed IoT Devices in an Academic Network</title><source>IEEE Electronic Library (IEL)</source><creator>Sasaki, Takayuki ; Noma, Takaya ; Morii, Yudai ; Shimura, Toshiya ; Eeten, Michel van ; Yoshioka, Katsunari ; Matsumoto, Tsutomu</creator><creatorcontrib>Sasaki, Takayuki ; Noma, Takaya ; Morii, Yudai ; Shimura, Toshiya ; Eeten, Michel van ; Yoshioka, Katsunari ; Matsumoto, Tsutomu</creatorcontrib><description>Many studies have discovered internet-facing systems exposing services that are vulnerable to attack. These are often assumed to be misconfigured systems that are not meant to expose these services to the network, especially not in an enterprise network. In this study, we clarify the causes of the presence of IoT devices exposing Telnet and FTP in a university enterprise network. This also helps us to understand who is responsible. We scanned the network and found 185 IoT devices consisting of 30 device models exposing Telnet and 49 models exposing FTP. We sent out a security notification and a survey to device owners. The survey demonstrated that 2 out of 21 and 8 out of 41 owners intentionally enabled Telnet and FTP, respectively, on all their devices. After receiving the notification, 38 out of 47 owners said they were willing to take measures on at least one of their IoT devices. All except one of the devices of these willing owners were successfully remediated. When we investigated the manuals of the devices, we were able to confirm that there was no disclosure whatsoever of the exposed service in 15 out of 30 manuals for models with Telnet and 10 out of 49 manuals for models with FTP. We also confirmed, by combining a survey of the manufacturers with the device manuals, that 22 out of 30 and 29 out of 49 devices enabled Telnet and FTP by default, respectively. From the above results, we conclude that the presence of misconfigured devices was less driven by human errors of the owners and more by the choices of the manufacturers. The majority of owners were motivated to remediate the security risks once made aware of them.</description><identifier>EISSN: 2375-1207</identifier><identifier>EISBN: 9798350331301</identifier><identifier>DOI: 10.1109/SP54263.2024.00117</identifier><identifier>CODEN: IEEPAD</identifier><language>eng</language><publisher>IEEE</publisher><subject>analysis of device manuals ; Internet of Things ; IoT ; Manuals ; notifications ; Privacy ; Security ; Surveys ; surveys of owners and manufacturers</subject><ispartof>2024 IEEE Symposium on Security and Privacy (SP), 2024, p.2291-2309</ispartof><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/10646731$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>309,310,780,784,789,790,796,27925,54758</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/10646731$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Sasaki, Takayuki</creatorcontrib><creatorcontrib>Noma, Takaya</creatorcontrib><creatorcontrib>Morii, Yudai</creatorcontrib><creatorcontrib>Shimura, Toshiya</creatorcontrib><creatorcontrib>Eeten, Michel van</creatorcontrib><creatorcontrib>Yoshioka, Katsunari</creatorcontrib><creatorcontrib>Matsumoto, Tsutomu</creatorcontrib><title>Who Left the Door Open? Investigating the Causes of Exposed IoT Devices in an Academic Network</title><title>2024 IEEE Symposium on Security and Privacy (SP)</title><addtitle>SP</addtitle><description>Many studies have discovered internet-facing systems exposing services that are vulnerable to attack. These are often assumed to be misconfigured systems that are not meant to expose these services to the network, especially not in an enterprise network. In this study, we clarify the causes of the presence of IoT devices exposing Telnet and FTP in a university enterprise network. This also helps us to understand who is responsible. We scanned the network and found 185 IoT devices consisting of 30 device models exposing Telnet and 49 models exposing FTP. We sent out a security notification and a survey to device owners. The survey demonstrated that 2 out of 21 and 8 out of 41 owners intentionally enabled Telnet and FTP, respectively, on all their devices. After receiving the notification, 38 out of 47 owners said they were willing to take measures on at least one of their IoT devices. All except one of the devices of these willing owners were successfully remediated. When we investigated the manuals of the devices, we were able to confirm that there was no disclosure whatsoever of the exposed service in 15 out of 30 manuals for models with Telnet and 10 out of 49 manuals for models with FTP. We also confirmed, by combining a survey of the manufacturers with the device manuals, that 22 out of 30 and 29 out of 49 devices enabled Telnet and FTP by default, respectively. From the above results, we conclude that the presence of misconfigured devices was less driven by human errors of the owners and more by the choices of the manufacturers. The majority of owners were motivated to remediate the security risks once made aware of them.</description><subject>analysis of device manuals</subject><subject>Internet of Things</subject><subject>IoT</subject><subject>Manuals</subject><subject>notifications</subject><subject>Privacy</subject><subject>Security</subject><subject>Surveys</subject><subject>surveys of owners and manufacturers</subject><issn>2375-1207</issn><isbn>9798350331301</isbn><fulltext>true</fulltext><rsrctype>conference_proceeding</rsrctype><creationdate>2024</creationdate><recordtype>conference_proceeding</recordtype><sourceid>6IE</sourceid><sourceid>RIE</sourceid><recordid>eNotkMFKAzEURaMgWGt_QFzkB6a-5GWSyUpKW7VQrGDFnSUz89JG7aRMxqp_b1FXF86Bs7iMXQgYCgH26vEhV1LjUIJUQwAhzBEbWGMLzAFRIIhj1pNo8kxIMKfsLKVXAAloVY-9PG8in5PveLchPomx5YsdNdd81uwpdWHtutCsf-XYfSRKPHo-_drFRDWfxSWf0D5UBxwa7ho-qlxN21Dxe-o-Y_t2zk68e080-N8-e7qZLsd32XxxOxuP5lkQoLvMKypr7bWT1lSQE0plhLNYoFcOUOXKG6qEJY3CFjVpXVfSG2FLXZKrLfbZ5V83ENFq14ata79Xh7bS5nDBD81SU0o</recordid><startdate>20240519</startdate><enddate>20240519</enddate><creator>Sasaki, Takayuki</creator><creator>Noma, Takaya</creator><creator>Morii, Yudai</creator><creator>Shimura, Toshiya</creator><creator>Eeten, Michel van</creator><creator>Yoshioka, Katsunari</creator><creator>Matsumoto, Tsutomu</creator><general>IEEE</general><scope>6IE</scope><scope>6IH</scope><scope>CBEJK</scope><scope>RIE</scope><scope>RIO</scope></search><sort><creationdate>20240519</creationdate><title>Who Left the Door Open? Investigating the Causes of Exposed IoT Devices in an Academic Network</title><author>Sasaki, Takayuki ; Noma, Takaya ; Morii, Yudai ; Shimura, Toshiya ; Eeten, Michel van ; Yoshioka, Katsunari ; Matsumoto, Tsutomu</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-i106t-f4ebd6f6a297c05e32471a9383f4a03454f7ec19e63198de66dc2f719b6bead93</frbrgroupid><rsrctype>conference_proceedings</rsrctype><prefilter>conference_proceedings</prefilter><language>eng</language><creationdate>2024</creationdate><topic>analysis of device manuals</topic><topic>Internet of Things</topic><topic>IoT</topic><topic>Manuals</topic><topic>notifications</topic><topic>Privacy</topic><topic>Security</topic><topic>Surveys</topic><topic>surveys of owners and manufacturers</topic><toplevel>online_resources</toplevel><creatorcontrib>Sasaki, Takayuki</creatorcontrib><creatorcontrib>Noma, Takaya</creatorcontrib><creatorcontrib>Morii, Yudai</creatorcontrib><creatorcontrib>Shimura, Toshiya</creatorcontrib><creatorcontrib>Eeten, Michel van</creatorcontrib><creatorcontrib>Yoshioka, Katsunari</creatorcontrib><creatorcontrib>Matsumoto, Tsutomu</creatorcontrib><collection>IEEE Electronic Library (IEL) Conference Proceedings</collection><collection>IEEE Proceedings Order Plan (POP) 1998-present by volume</collection><collection>IEEE Xplore All Conference Proceedings</collection><collection>IEEE Electronic Library (IEL)</collection><collection>IEEE Proceedings Order Plans (POP) 1998-present</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Sasaki, Takayuki</au><au>Noma, Takaya</au><au>Morii, Yudai</au><au>Shimura, Toshiya</au><au>Eeten, Michel van</au><au>Yoshioka, Katsunari</au><au>Matsumoto, Tsutomu</au><format>book</format><genre>proceeding</genre><ristype>CONF</ristype><atitle>Who Left the Door Open? Investigating the Causes of Exposed IoT Devices in an Academic Network</atitle><btitle>2024 IEEE Symposium on Security and Privacy (SP)</btitle><stitle>SP</stitle><date>2024-05-19</date><risdate>2024</risdate><spage>2291</spage><epage>2309</epage><pages>2291-2309</pages><eissn>2375-1207</eissn><eisbn>9798350331301</eisbn><coden>IEEPAD</coden><abstract>Many studies have discovered internet-facing systems exposing services that are vulnerable to attack. These are often assumed to be misconfigured systems that are not meant to expose these services to the network, especially not in an enterprise network. In this study, we clarify the causes of the presence of IoT devices exposing Telnet and FTP in a university enterprise network. This also helps us to understand who is responsible. We scanned the network and found 185 IoT devices consisting of 30 device models exposing Telnet and 49 models exposing FTP. We sent out a security notification and a survey to device owners. The survey demonstrated that 2 out of 21 and 8 out of 41 owners intentionally enabled Telnet and FTP, respectively, on all their devices. After receiving the notification, 38 out of 47 owners said they were willing to take measures on at least one of their IoT devices. All except one of the devices of these willing owners were successfully remediated. When we investigated the manuals of the devices, we were able to confirm that there was no disclosure whatsoever of the exposed service in 15 out of 30 manuals for models with Telnet and 10 out of 49 manuals for models with FTP. We also confirmed, by combining a survey of the manufacturers with the device manuals, that 22 out of 30 and 29 out of 49 devices enabled Telnet and FTP by default, respectively. From the above results, we conclude that the presence of misconfigured devices was less driven by human errors of the owners and more by the choices of the manufacturers. The majority of owners were motivated to remediate the security risks once made aware of them.</abstract><pub>IEEE</pub><doi>10.1109/SP54263.2024.00117</doi><tpages>19</tpages></addata></record>
fulltext fulltext_linktorsrc
identifier EISSN: 2375-1207
ispartof 2024 IEEE Symposium on Security and Privacy (SP), 2024, p.2291-2309
issn 2375-1207
language eng
recordid cdi_ieee_primary_10646731
source IEEE Electronic Library (IEL)
subjects analysis of device manuals
Internet of Things
IoT
Manuals
notifications
Privacy
Security
Surveys
surveys of owners and manufacturers
title Who Left the Door Open? Investigating the Causes of Exposed IoT Devices in an Academic Network
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-23T18%3A22%3A17IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_RIE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Who%20Left%20the%20Door%20Open?%20Investigating%20the%20Causes%20of%20Exposed%20IoT%20Devices%20in%20an%20Academic%20Network&rft.btitle=2024%20IEEE%20Symposium%20on%20Security%20and%20Privacy%20(SP)&rft.au=Sasaki,%20Takayuki&rft.date=2024-05-19&rft.spage=2291&rft.epage=2309&rft.pages=2291-2309&rft.eissn=2375-1207&rft.coden=IEEPAD&rft_id=info:doi/10.1109/SP54263.2024.00117&rft_dat=%3Cieee_RIE%3E10646731%3C/ieee_RIE%3E%3Curl%3E%3C/url%3E&rft.eisbn=9798350331301&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=10646731&rfr_iscdi=true