Am I Infected? Lessons from Operating a Large-Scale IoT Security Diagnostic Service
Takayuki Sasaki, Tomoya Inazawa, Youhei Yamaguchi, Simon Parkin,, Michel van Eeten, Katsunari Yoshioka, Tsutomu Matsumoto
TL;DR
This study analyzes the operation of a large-scale IoT security diagnostic service, revealing user engagement, detection rates of vulnerabilities and malware, and lessons learned about user perceptions and remediation actions.
Contribution
It provides empirical insights from deploying a real-world IoT security service, including user behavior, detection effectiveness, and practical lessons for future IoT security diagnostics.
Findings
0.36% of users had vulnerable devices
0.15% of users had malware infections
96% of users rated the service positively
Abstract
There is an expectation that users of home IoT devices will be able to secure those devices, but they may lack information about what they need to do. In February 2022, we launched a web service that scans users' IoT devices to determine how secure they are. The service aims to diagnose and remediate vulnerabilities and malware infections of IoT devices of Japanese users. This paper reports on findings from operating this service drawn from three studies: (1) the engagement of 114,747 users between February, 2022 - May, 2024; (2) a large-scale evaluation survey among service users (n=4,103), and; (3) an investigation and targeted survey (n=90) around the remediation actions of users of non-secure devices. During the operation, we notified 417 (0.36%) users that one or more of their devices were detected as vulnerable, and 171 (0.15%) users that one of their devices was infected with…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.