Paper Abstract and Keywords |
Presentation |
2022-11-08 09:25
Analysis of Weak Password Settings for IoT Devices and Results of User Notifications Kosuke Murakami (NICT/KDDIR), Takahiro Kasama, Daisuke Inoue (NICT) ICSS2022-42 |
Abstract |
(in Japanese) |
(See Japanese page) |
(in English) |
IoT devices with weak ID/Password settings that are accessible from the Internet by services that enable password authentication, such as Telnet and SSH, have been infected with malware and exploited in cyber attacks.
Therefore, the NOTICE project, which surveys IoT devices with weak ID/Password settings in Japan and alerts device owners, has been launched in 2019, and continuous alerts are being issued.
In addition, to reduce the risk of IoT devices to be released in the future, new security requirements for IoT devices were added to the technical conformity standard in 2020, including the ability to prompt a change in the identification code of the access control function or to set a different identification code for each device.
However, while it is widely known that IoT malware can be infected by weak ID/Password pairs, it is not clear whether the infected devices were used with their default settings or whether the users of the devices set weak ID/Password pairs.
If a user has set a weak ID/Password, simply providing a function that prompts the user to change the password may not be sufficient to mitigate the damage from IoT malware infection.
In this paper, based on the results of the NOTICE survey, we analyzed whether the ID/Password of the device was the default setting or not. We also analyzed the results of user actions based on the logging in by the NOTICE survey and the alert. |
Keyword |
(in Japanese) |
(See Japanese page) |
(in English) |
IoT Device / Password Settings / NOTICE / / / / / |
Reference Info. |
IEICE Tech. Rep., vol. 122, no. 244, ICSS2022-42, pp. 25-30, Nov. 2022. |
Paper # |
ICSS2022-42 |
Date of Issue |
2022-10-31 (ICSS) |
ISSN |
Online edition: ISSN 2432-6380 |
Copyright and reproduction |
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034) |
Download PDF |
ICSS2022-42 |
Conference Information |
Committee |
ICSS |
Conference Date |
2022-11-07 - 2022-11-08 |
Place (in Japanese) |
(See Japanese page) |
Place (in English) |
Hokkaido Jichiro Kaikan |
Topics (in Japanese) |
(See Japanese page) |
Topics (in English) |
Security, etc. |
Paper Information |
Registration To |
ICSS |
Conference Code |
2022-11-ICSS |
Language |
Japanese |
Title (in Japanese) |
(See Japanese page) |
Sub Title (in Japanese) |
(See Japanese page) |
Title (in English) |
Analysis of Weak Password Settings for IoT Devices and Results of User Notifications |
Sub Title (in English) |
|
Keyword(1) |
IoT Device |
Keyword(2) |
Password Settings |
Keyword(3) |
NOTICE |
Keyword(4) |
|
Keyword(5) |
|
Keyword(6) |
|
Keyword(7) |
|
Keyword(8) |
|
1st Author's Name |
Kosuke Murakami |
1st Author's Affiliation |
National Institute of Information and Communications Technology/KDDI Research, Inc. (NICT/KDDIR) |
2nd Author's Name |
Takahiro Kasama |
2nd Author's Affiliation |
National Institute of Information and Communications Technology (NICT) |
3rd Author's Name |
Daisuke Inoue |
3rd Author's Affiliation |
National Institute of Information and Communications Technology (NICT) |
4th Author's Name |
|
4th Author's Affiliation |
() |
5th Author's Name |
|
5th Author's Affiliation |
() |
6th Author's Name |
|
6th Author's Affiliation |
() |
7th Author's Name |
|
7th Author's Affiliation |
() |
8th Author's Name |
|
8th Author's Affiliation |
() |
9th Author's Name |
|
9th Author's Affiliation |
() |
10th Author's Name |
|
10th Author's Affiliation |
() |
11th Author's Name |
|
11th Author's Affiliation |
() |
12th Author's Name |
|
12th Author's Affiliation |
() |
13th Author's Name |
|
13th Author's Affiliation |
() |
14th Author's Name |
|
14th Author's Affiliation |
() |
15th Author's Name |
|
15th Author's Affiliation |
() |
16th Author's Name |
|
16th Author's Affiliation |
() |
17th Author's Name |
|
17th Author's Affiliation |
() |
18th Author's Name |
|
18th Author's Affiliation |
() |
19th Author's Name |
|
19th Author's Affiliation |
() |
20th Author's Name |
|
20th Author's Affiliation |
() |
Speaker |
Author-1 |
Date Time |
2022-11-08 09:25:00 |
Presentation Time |
25 minutes |
Registration for |
ICSS |
Paper # |
ICSS2022-42 |
Volume (vol) |
vol.122 |
Number (no) |
no.244 |
Page |
pp.25-30 |
#Pages |
6 |
Date of Issue |
2022-10-31 (ICSS) |
|