All accepted publications from SPARTA partners under its funding.
A Large-Scale Analysis of IoT Firmware Version Distribution in the Wild
This paper examines the up-to-dateness of installed firmware versions of Internet of Things devices accessible via public Internet. It takes a novel approach to identify versions based on the source code of their web interfaces. It analyzes data sets of 1.06m devices collected using the IoT search engine Censys and then maps the results against the latest version each manufacturer offers. A fully scalable and adaptive approach is developed by applying the SEMMA data mining process. This approach relies on three data artifacts: raw data from Censys, a mapping table with firmware versions, and a keyword search list. The results confirm the heterogeneity of connected IoT devices and show that only 2.45 percent of the IoT devices in the wild run the latest available firmware. Installed versions are 19.2 months old on average. This real-world evidence suggests that the updating processes and methods used by engineers so far are not sufficient to keep IoT devices up-to-date. This paper identifies and quantifies influencing factors and captures the global and diverse distribution of IoT devices. It finds manufacturer and device type influence the up-to-dateness of firmware, whereas the country in which the device is deployed is less significant.