Towards a Safer Internet of Things—A Survey of IoT Vulnerability Data Sources

The security of the Internet of Things (IoT) is an important yet often overlooked subject. Specifically, the publicly available information sources about vulnerabilities affecting the connected devices are unsatisfactory. Our research shows that, while the information is available on the Internet, there is no single service offering data focused on the IoT in existence. The national vulnerability databases contain some IoT related entries, but they lack mechanisms to distinguish them from the remaining vulnerabilities. Moreover, information about many vulnerabilities affecting the IoT world never reaches these databases but can still be found scattered over the Internet. This review summarizes our effort at identifying and evaluating publicly available sources of information about vulnerabilities, focusing on their usefulness in the scope of IoT. The results of our search show that there is not yet a single satisfactory source covering vulnerabilities affecting IoT devices and software available.

[1]  Andrew Kurtz,et al.  Securing the Internet of Things (IoT): A Security Taxonomy for IoT , 2018, 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE).

[2]  K. Shadan,et al.  Available online: , 2012 .

[3]  Nasir Ghani,et al.  Demystifying IoT Security: An Exhaustive Survey on IoT Vulnerabilities and a First Empirical Look on Internet-Scale IoT Exploitations , 2019, IEEE Communications Surveys & Tutorials.

[4]  Zhen Ling,et al.  An End-to-End View of IoT Security and Privacy , 2017, GLOBECOM 2017 - 2017 IEEE Global Communications Conference.

[5]  Hsinchun Chen,et al.  Identifying vulnerabilities of consumer Internet of Things (IoT) devices: A scalable approach , 2017, 2017 IEEE International Conference on Intelligence and Security Informatics (ISI).

[6]  Rahmi Khoirani Common Vulnerability and Exposures (CVE) , 2018 .

[7]  Felix Wortmann,et al.  Internet of Things , 2015, Business & Information Systems Engineering.

[8]  Lin Jiang,et al.  A Survey of Security Vulnerability Analysis, Discovery, Detection, and Mitigation on IoT Devices , 2020, Future Internet.

[9]  Emanuele Bellini,et al.  IoT Vulnerability Data Crawling and Analysis , 2019, 2019 IEEE World Congress on Services (SERVICES).

[10]  Pascal Urien,et al.  Internet of Things: A Definition & Taxonomy , 2015, 2015 9th International Conference on Next Generation Mobile Applications, Services and Technologies.

[11]  Hussein Al-Bahadili,et al.  Vulnerability scanning of IoT devices in Jordan using Shodan , 2017, 2017 2nd International Conference on the Applications of Information Technology in Developing Renewable Energy Processes & Systems (IT-DREPS).

[12]  Ahmad-Reza Sadeghi,et al.  IoT SENTINEL: Automated Device-Type Identification for Security Enforcement in IoT , 2016, 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS).

[13]  M. R. Kerbel What About Us? , 2018, Remote & Controlled.

[14]  Yi Zhou,et al.  Understanding the Mirai Botnet , 2017, USENIX Security Symposium.

[15]  Byung-Seo Kim,et al.  IoT Elements, Layered Architectures and Security Issues: A Comprehensive Survey , 2018, Sensors.

[16]  Nir Kshetri,et al.  Hacking Power Grids: A Current Problem , 2017, Computer.