A Haystack Full of Needles: Scalable Detection of IoT Devices in the Wild

Consumer Internet of Things (IoT) devices are extremely popular, providing users with rich and diverse functionalities, from voice assistants to home appliances. These functionalities often come with significant privacy and security risks, with notable recent large-scale coordinated global attacks disrupting large service providers. Thus, an important first step to address these risks is to know which IoT devices are where in a network. While some limited solutions exist, a key question is whether device discovery can be done by Internet service providers that only see sampled flow statistics. In particular, it is challenging for an ISP to efficiently and effectively track and trace activity from IoT devices deployed by its millions of subscribers, all with sampled network data. In this paper, we develop and evaluate a scalable methodology to accurately detect and monitor IoT devices at subscriber lines with limited, highly sampled data in the wild. Our findings indicate that millions of IoT devices are detectable and identifiable within hours, at both a major ISP and an IXP, using passive, sparsely sampled network flow headers. Our methodology is able to detect devices from more than 77% of the studied IoT manufacturers, including popular devices such as smart speakers. While our methodology is effective for providing network analytics, it also highlights significant privacy consequences.
