Together, Stanford University and Avast have published findings of their research in a paper entitled All Things Considered, which analyzes the global state of IoT. The survey was based on “data collected from user-initiated network scans of 83M devices in 16M households,” the report said.
“Home IoT is better characterized by smart TVs, printers, game consoles, and surveillance devices – devices that have been connected to our home networks for more than a decade,” the report said.
“These are the kinds of devices that still support weak credentials for old protocols: work appliances are the device type with the highest fraction of weak FTP credentials; surveillance devices are the worst for telnet credentials. Improving the security posture of these devices remains just as important as ensuring that new technologies are secure – our home networks are only as secure as their weakest link.”
Notably, 66% of homes in North America possess at least one IoT device, more than a quarter more than the global average of 40%. Additionally, 25% of North American homes boast more than two devices.
With more than 14,000 IoT manufacturers the world over, 94% of all IoT devices are manufactured by as few as 100 vendors.
When looking at devices such as game consoles, there was little variance across the world in the most popular vendors, with Microsoft and Nintendo taking the top two spots. Open or weak FTP credentials were the top vulnerability. The research found that over 7% of all IoT devices still support these and telnet protocols, making them especially vulnerable.
“There already exists a complex ecosystem of Internet-connected embedded devices in homes worldwide, but that these devices are different than the ones considered by most recent work,” the researchers wrote.