A Large-Scale Analysis of IoT Firmware Version Distribution in the Wild

Ebbers, Frank

doi:10.1109/tse.2022.3163969

Cited by 7 publications

(8 citation statements)

References 52 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our results suggest that a regulation like the GDPR, even when enforced, may not be su cient on its own to signi cantly improve the situation. Consequently, technical means are needed to automate or disburden U&P [15].…”

Section: Discussionmentioning

confidence: 99%

“…The IoT ecosystem has "fundamentally changed the way information technology and communication environments work" [16], thereby transforming the way information is captured and processed. The omnipresence of IoT devices in both private and industry settings [1,15] has resulted in the processing of various types of data [1][2][3][4]. However, users are often unaware that their IoT devices can intrude upon their privacy [17].…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Responses of the European IoT Ecosystem to the European General Data Protection Regulation

Ebbers,

Friedewald

2023

Preprint

Self Cite

View full text Add to dashboard Cite

With the proliferation of IoT devices in homes and industry, concerns have arisen about the security of the devices and the privacy of users. The General Data Protection Regulation (GDPR), which went into effect in 2018, aims to protect the rights of IoT (and other) users. One way for device manufacturers to address these rights is through firmware updates. However, the extent of the GDPR's impact on EU member states remains uncertain. This paper presents a comprehensive analysis that examines changes in firmware age, as well as the overall age of devices, following the implementation of GDPR in the EU. The analysis uses approximately 400 terabytes of real-world IoT data from Censys.io, spanning from 2015 to the end of 2021. Using grouped average age values, we perform and compare difference-in-differences analyses for devices deployed in all EU member states and regions. We show that devices deployed in Northern Europe tend to be the most up-to-date, while Eastern Europe lags behind. This work provides initial insights into the impact of the GDPR in the IoT ecosystem, and highlights the need for further research to gain a deeper understanding of the effects.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Responses of the European IoT Ecosystem to the European General Data Protection Regulation

Ebbers,

Friedewald

2023

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…Shodan (https://www.shodan.io/, accessed on 18 September 2023), an online search engine and scanning service, specialises in detecting and monitoring Internet-connected devices and systems. Conceived by John Matherly and launched in 2009, this search engine scans both IPv4 and IPv6 spaces [21]. Shodan is an interesting option for locating IoT devices owing to its extensive database of devices and online services, making it a valuable resource for research and analysis.…”

Section: Iot Portalsmentioning

confidence: 99%

“…Censys (https://search.censys.io/, accessed on 18 September 2023), an online search engine and scanning service akin to Shodan, specialises in tracking and compiling information about devices and resources on the Internet. It is open source and freely available for academic purposes [21]. This platform enables users to conduct advanced searches to locate devices and services based on diverse criteria.…”

Section: Iot Portalsmentioning

confidence: 99%

Using Large Language Models to Enhance the Reusability of Sensor Data

Berenguer,

Morejón,

Tomás

et al. 2024

Sensors

View full text Add to dashboard Cite

The Internet of Things generates vast data volumes via diverse sensors, yet its potential remains unexploited for innovative data-driven products and services. Limitations arise from sensor-dependent data handling by manufacturers and user companies, hindering third-party access and comprehension. Initiatives like the European Data Act aim to enable high-quality access to sensor-generated data by regulating accuracy, completeness, and relevance while respecting intellectual property rights. Despite data availability, interoperability challenges impede sensor data reusability. For instance, sensor data shared in HTML formats requires an intricate, time-consuming processing to attain reusable formats like JSON or XML. This study introduces a methodology aimed at converting raw sensor data extracted from web portals into structured formats, thereby enhancing data reusability. The approach utilises large language models to derive structured formats from sensor data initially presented in non-interoperable formats. The effectiveness of these language models was assessed through quantitative and qualitative evaluations in a use case involving meteorological data. In the proposed experiments, GPT-4, the best performing LLM tested, demonstrated the feasibility of this methodology, achieving a precision of 93.51% and a recall of 85.33% in converting HTML to JSON/XML, thus confirming its potential in obtaining reusable sensor data.

show abstract

“… Yu et al (2020) presented a method for determining IoT device software using website page data and weak passwords. Ebbers (2022) analyzed firmware upgrades on IoT devices using data mining and mapping techniques. Feng et al (2023) examined challenges and solutions for firmware security analysis in IoT devices.…”

Section: Related Workmentioning

confidence: 99%

Framework to perform taint analysis and security assessment of IoT devices in smart cities

Bhardwaj,

Vishnoi,

Bharany

et al. 2023

PeerJ Computer Science

View full text Add to dashboard Cite

The Internet of Things has a bootloader and applications responsible for initializing the device’s hardware and loading the operating system or firmware. Ensuring the security of the bootloader is crucial to protect against malicious firmware or software being loaded onto the device. One way to increase the security of the bootloader is to use digital signature verification to ensure that only authorized firmware can be loaded onto the device. Additionally, implementing secure boot processes, such as a chain of trust, can prevent unauthorized access to the device’s firmware and protect against tampering during the boot process. This research is based on the firmware bootloader and application dataflow taint analysis and security assessment of IoT devices as the most critical step in ensuring the security and integrity of these devices. This process helps identify vulnerabilities and potential attack vectors that attackers could exploit and provides a foundation for developing effective remediation strategies.

show abstract

A Large-Scale Analysis of IoT Firmware Version Distribution in the Wild

Cited by 7 publications

References 52 publications

Responses of the European IoT Ecosystem to the European General Data Protection Regulation

Responses of the European IoT Ecosystem to the European General Data Protection Regulation

Using Large Language Models to Enhance the Reusability of Sensor Data

Framework to perform taint analysis and security assessment of IoT devices in smart cities

Contact Info

Product

Resources

About