A First Empirical Look on Internet-scale Exploitations of IoT Devices

Technological advances and innovative business models led to the modernization of the cyber-physical concept with the realization of the Internet of Things (IoT). While IoT envisions a plethora of high impact benefits in both, the consumer as well as the control automation markets, unfortunately, security concerns continue to be an afterthought. Several technical challenges impede addressing such security requirements, including, lack of empirical data related to various IoT devices in addition to the shortage of actionable attack signatures. In this paper, we present what we believe is a first attempt ever to comprehend the severity of IoT maliciousness by empirically characterizing the magnitude of Internet-scale IoT exploitations. We draw upon unique and extensive darknet (passive) data and develop an algorithm to infer unsolicited IoT devices which have been compromised and are attempting to exploit other Internet hosts. We further perform correlations by leveraging active Internet-wide scanning to identify and report on such IoT devices and their hosting environments. The generated results indicate a staggering 11 thousand exploited IoT devices that are currently in the wild. Moreover, the outcome pinpoints that IoT devices embedded deep in operational Cyber-Physical Systems (CPS) such as manufacturing plants and power utilities are the most compromised. We concur that such results highlight the wide-spread insecurities of the IoT paradigm, while the actionable generated inferences are postulated to be leveraged for prompt mitigation as well as to facilitate IoT forensic investigations using real empirical data.