BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Talks.cam//talks.cam.ac.uk//
X-WR-CALNAME:Talks.cam
BEGIN:VEVENT
SUMMARY:Towards identifying neglected\, obsolete and abandoned IoT and OT 
 devices - Ricardo Yaben\, Technical University of Denmark (DTU)
DTSTART:20240516T140000Z
DTEND:20240516T150000Z
UID:TALK216865@talks.cam.ac.uk
CONTACT:Ryan Gibb
DESCRIPTION:The rapid adoption of Internet of Things (IoT) and Operational
  Technology (OT) devices to control systems remotely has introduced signif
 icant cyber-security challenges. Attackers have compromised millions of su
 ch devices over the years\, exploiting their lack of management and weak c
 yber-security. In this paper\, we examine cyber-security issues of neglect
 ed\, obsolete\, and abandoned IoT and OT devices exposed to the Internet. 
 The core of our work focuses on identifying these devices using common sca
 nning tools to find indicators of vulnerabilities and misconfigurations. M
 oreover\, we present an analysis of our Internet-wide scans during a perio
 d of two weeks targeting security issues in 8 IoT and OT protocols: MQTT\,
  CoAP\, XMPP\, Modbus\, OPC UA\, RTPS\, DNP3 and BACnet. We observed over 
 1 million addresses exposing one or more of these services\, of which 675\
 ,896 appear vulnerable or misconfigured. Lastly\, we examine the IP reputa
 tion of the vulnerable devices and show that 7\,424 were reported at least
  once.
LOCATION:FW11
END:VEVENT
END:VCALENDAR