Abstract
The worldwide ecosystem of communication, information, and new-age
technologies are using the Internet of Things (IoT) which connect
devices or things on the Internet with each other from any location. IoT
has seen tremendous expansion in its applications and services over the
last few years. This has generated the attention of device manufacturers
along with corporate vendors, and individual investors, which have
resulted in a rapid influx of new-age businesses. As the adoption and
use of IoT devices are increasing, these things on the Internet are
being used in almost every area of our life. Since confidential data and
information are involved, securing the IoT devices has become the prime
is gaining more and more importance. Security assessments of smart
cities and homes running IoT devices require appropriate security
controls to mitigate threats and risks due to the smart technology
deployments. This research focuses on the IoT device firmware to secure
the smart home environment. The authors present a security framework for
conducting IoT firmware analysis and investigations that revealed
hardcoded user IDs and passwords as well as sensitive information for
further attacks and compromise of the IoT devices. The authors proposed
a hypothesis to analyze real-time datasets generated from IoT search
engines based on keywords as per device types, locations, and
manufacturers. The outcome exposed device owners taking 11-13 months to
upgrade firmware even among the IoT manufacturers only HP and Cisco were
consistently delivering firmware upgrades to secure the IoT devices.