Superspreaders: Quantifying the Role of IoT Manufacturers in Device Infections

The influx of insecure IoT devices into the consumer market can only be stemmed if manufacturers adopt more secure practices. It is unlikely that this will happen without government involvement. Developing effective regulation takes years. In the meantime, governments have an urgent need to engage manufacturers directly to stop the damage from getting worse. The problem is that there are many thousands of companies that produce IoT devices. Where to start? In this paper, we focus on identifying the most urgent class: the manufacturers of IoT devices that get compromised in the wild. To identify the manufacturers of infected IoT, we conducted active scanning of Mirai-infected devices. Over a period of 2 months, we collected Web-UI images and banners to identify device types and manufacturers. We identified 31,950 infected IoT devices in 68 countries produced by 70 unique manufacturers. We found that 9 vendors share almost 50% of the infections. This pattern is remarkably consistent across countries, notwithstanding the enormous variety of devices across markets. In terms of supporting customers, 53% of the 70 identified manufacturers offer firmware or software downloads on their websites, 43% provide some password changing procedure, and 26% of the manufacturers offer some advice to protect devices from attacks. Our findings suggest that targeting a small number of manufacturers can have a major impact on overall IoT security and that governments can join forces in these efforts, as they are often confronted with the same manufacturers.