Large-Scale Security Analysis of Real-World Backend Deployments Speaking IoT-Focused Protocols
CoRR (2024)
Abstract
Internet-of-Things devices, ranging from smart home assistants to health
devices, are pervasive: Forecasts estimate their number to reach 29 billion by
2030. Understanding the security of their machine-to-machine communication is
crucial. Prior work focused on identifying devices' vulnerabilities or proposed
protocol-specific solutions. Instead, in this paper, we investigate the
security of backends speaking Internet-of-Things (IoT) protocols at scale, that
is, the backbone of the entire IoT ecosystem.
We focus on three real-world protocols used by IoT for our large-scale
analysis: MQTT, CoAP, and XMPP. We gather a dataset of over 337,000 backends,
augment it with geographical and provider data, and perform non-invasive active
measurements to investigate three major security threats: information leakage,
weak authentication, and denial of service. Our results provide quantitative
evidence of a problematic immaturity in the IoT security ecosystem. Among other
issues, we find that 9.44
backends are vulnerable to denial of service attacks, and 99.84
MQTT-speaking and XMPP-speaking backends use insecure transport protocols (only
0.16