- Avast carried out the most extensive IoT study ever, by using data from 83 million devices from around the world.
- The data shows that each region is characterized by qualitative and quantitative differences.
- Avast researchers also hacked into a coffee maker, just to demonstrate the potential risks.
Avast took on to carry out the largest IoT (Internet of Things) study ever, scanning 83 million devices located in 16 million homes from all around the world. IoT devices include smart TVs, connectivity dongles, smart plugs, smart fridges, smart coffee makers, security cameras, and anything else that can connect to the Internet. While we’re still not living in the age of the inevitable full conquest of our homes and lives by the Internet of Things, we are well on our way there, with many million 'smart' consumer devices being deployed around the globe right now.
The key findings of the study are the following:
- The region with the most massive IoT device deployment is North America, with 66% of the scanned homes having at least one IoT device.
- Only 4% of the IoT devices in North America are surveillance tools, while in South Asia, this percentage shoots up to 54%.
- 54% of the scanned homes in Western Europe deploy an IoT device, while the corresponding stat for Eastern Europe is just 26%.
- South America stands third in overall IoT usage with 34%.
- 35% of the IoT devices in North Africa and the Middle East are media devices.
From a security perspective, Avast researchers announced the following findings:
- 7% of the IoT devices that were scanned are using insecure 'FTP' or 'Telnet' protocols with a small dictionary of common credentials. More than 50% of them are using the admin/admin credentials.
- 55% of the tested FTP devices in Sub-Saharan Africa are vulnerable to simple attacks, while North America and Western Europe boast the lowest percentages on that part.
- 90% of all IoT devices are made by just 100 vendors, so there is a large number of common paths of exploitation affecting millions of devices.
The Avast team also decided to hack a coffee maker as an example, turning it into a ransomware propagator and a gateway to a home network. The researchers successfully turned the coffee maker into a surveillance device, capable of exfiltrating data from other devices that are connected to the home network. This was only done to demonstrate what is possible, as people tend to think that devices like coffee makers, even smart ones, cannot possibly lead to large-scale network infiltration. Smart coffee makers are to be found in many offices today, so this is a case that demonstrates the risks of not monitoring network activity at all times.