Rolling the DICE: A Device Identification and Classification Engine to detect vulnerable devices facing the Internet

In recent years, the Internet has experienced a significant surge in connected devices, with an ever-growing number of sensors and monitoring systems—spanning industries and domestic networks—now exposed to the Internet and reliant on our ability to keep them secure (e.g., in healthcare, home automation, and manufacturing). However, securing Internet-facing devices is no trivial task. Applying patches, firewall rules, and strong credentials are only small steps during their security life-cycle. Since these steps work in tandem, failing even a few can significantly increase the risk of compromise. The cybersecurity community continues to build on its efforts to mitigate this issue from many fronts, all while investigating society’s new challenges with technology and their security implications. To aid in this task, we present DICE, a modular Device Identification and Classification Engine to detect vulnerabilities on Internet-facing devices. DICE assists in most phases of the identification process, from automating Internet-wide scans to labeling results. In addition, DICE can help notify the affected device owners – an ongoing issue across the literature – by creating detailed reports and mitigation strategies. As proof of concept, we share preliminary implementations of various modules to identify recurrent issues in 8 protocols widely used in IoT and OT devices. These modules aim to discover security pitfalls beyond common vulnerabilities, such as signs of abandonment, obsolescence, and security negligence.