Inferring Software Update Practices on Smart Home IoT Devices Through User Agent Analysis

Vijay Prakash, Sicheng Xie, Danny Yuxing Huang

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Smart home IoT devices are known to be breeding grounds for security and privacy vulnerabilities. Although some IoT vendors deploy updates, the update process is mostly opaque to researchers. It is unclear what software components are on devices, whether and when these components are updated, and how vulnerabilities change alongside the updates. This opaqueness makes it difficult to understand the security of software supply chains of IoT devices. To understand the software update practices on IoT devices, we leverage IoT Inspector's dataset of network traffic from real-world IoT devices. We analyze the User Agent strings from plain-text HTTP connections. We focus on four software components included in User Agents: cURL, Wget, OkHttp, and python-requests. By keeping track of what kinds of devices have which of these components at what versions, we find that many IoT devices potentially used outdated and vulnerable versions of these components-based on the User Agents-even though less vulnerable, more updated versions were available; and that the rollout of updates tends to be slow for some IoT devices.

Original languageEnglish (US)
Title of host publicationSCORED 2022 - Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses, co-located with CCS 2022
PublisherAssociation for Computing Machinery, Inc
Pages93-103
Number of pages11
ISBN (Electronic)9781450398855
DOIs
StatePublished - Nov 11 2022
Event2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses, SCORED 2022 - Co-located with CCS 2022 - Los Angeles, United States
Duration: Nov 11 2022 → …

Publication series

NameSCORED 2022 - Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses, co-located with CCS 2022

Conference

Conference2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses, SCORED 2022 - Co-located with CCS 2022
Country/TerritoryUnited States
CityLos Angeles
Period11/11/22 → …

Keywords

  • IoT
  • supply chain
  • updates

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
  • Information Systems
  • Software

Fingerprint

Dive into the research topics of 'Inferring Software Update Practices on Smart Home IoT Devices Through User Agent Analysis'. Together they form a unique fingerprint.

Cite this