Litcius/Paper detail

Seeing is not always believing: Insights on IoT manufacturing from firmware composition analysis and vendor survey

Mitsuaki Akiyama, Shugo Shiraishi, A. Fukumoto, Ryota Yoshimoto, Eitaro Shioji, Toshihiro Yamauchi

2023Computers & Security15 citationsDOIOpen Access PDF

Abstract

Attacks on Internet of Things (IoT) devices have become increasingly sophisticated. However, there exist few comprehensive security investigations of IoT devices. We conducted a large-scale systematic investigation by assessing IoT firmware and follow-up survey with professionals involved in IoT-device manufacturing to understand the factors that prevent software security of IoT devices. Consequently, we discovered that many IoT devices continue to use old processor architecture and operating systems that are unable to efficiently use existing attack-mitigation features. Furthermore, we demonstrated that software patches are sometimes implicitly applied without changing the software version number (implicit patching); this may generate false positives in existing vulnerability assessments relying on software versions. On the basis of a follow-up survey, we determined technical and contractual constraints to IoT security emanating from the supply chain in the IoT device manufacturing industry. Based on the results, we discuss challenges associated with secure IoT manufacturing in the IoT-device supply chain.

Topics & Concepts

FirmwareComputer scienceInternet of ThingsComputer securityVendorSupply chainVulnerability (computing)SoftwareEmbedded systemBusinessOperating systemMarketingAdvanced Malware Detection TechniquesSecurity and Verification in ComputingIoT and Edge/Fog Computing
Seeing is not always believing: Insights on IoT manufacturing from firmware composition analysis and vendor survey | Litcius