Abstract
The rapid adoption of Internet of Things (IoT) and Operational Technology (OT) devices to control systems remotely has introduced significant cyber-security challenges. Attackers have compromised millions of such devices over the years, exploiting their lack of management and weak cyber-security. In this paper, we examine cyber-security issues of neglected, obsolete, and abandoned IoT and OT devices exposed to the Internet. The core of our work focuses on identifying these devices using common scanning tools to find indicators of vulnerabilities and misconfigurations. Moreover, we present an analysis of our Internet-wide scans during a period of two weeks targeting security issues in 8 IoT and OT protocols: MQTT, CoAP, XMPP, Modbus, OPC UA, RTPS, DNP3 and BACnet. We observed over 1 million addresses exposing one or more of these services, of which 675,896 appear vulnerable or misconfigured. Lastly, we examine the IP reputation of the vulnerable devices and show that 7,424 were reported at least once.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of the 8th Network Traffic Measurement and Analysis Conference (TMA Conference 2024) |
| Number of pages | 10 |
| Publisher | IEEE |
| Publication date | 2024 |
| ISBN (Print) | 979-8-3503-7888-7 |
| ISBN (Electronic) | 978-3-903176-64-5 |
| DOIs | |
| Publication status | Published - 2024 |
| Event | 8th Network Traffic Measurement and Analysis Conference - Dresden, Germany Duration: 21 May 2024 → 24 May 2024 |
Conference
| Conference | 8th Network Traffic Measurement and Analysis Conference |
|---|---|
| Country/Territory | Germany |
| City | Dresden |
| Period | 21/05/2024 → 24/05/2024 |
Keywords
- Vulnerability identification
- Internet-wide scans
- IoT
- OT