Detecting IoT Devices and How They Put Large Heterogeneous Networks at Security Risk

We present our results to identify and assess IoT devices on a large-scale and heterogeneous network. This work shows that IoT devices endanger networks significantly. With our NetScanIoT software, a total of 19 categories of IoT devices were detected successfully. After identifying these devices with WID, we performed a manual vulnerability assessment on them. This assessment showed that IoT manufacturers did not secure their devices and, moreover, on certain devices did not allow the user to change the credentials at all. The Web-IoT detection tool was able to identify 11 out of 19 categories of IoT devices consisting of 42 various models, manufactured by 26 different vendors. We also identified the corresponding manufacturer and firmware version for these 42 device models which can be used later on for risk identification, associated with these firmware versions.