Dear researchers,
I am a German PhD student in business informatics. In my current paper I want to find out how frequently users update/patch their IoT devices. Besides the fact that some manufacturers provide auto-updates or OTA-updates for their devices, I assume that there are still many devices (e.g. from smaller/unknown manufacturers) that need to be updated/patched manually by the user.
So far I found that it is not easy to identify the patch/update-status of these devices, if you don't have direct access to the device. Therefore, I came up with the following ideas. However, I still struggle to get a sufficient data base and would ask all the brilliant minds here. :) Once I have this information, I would consult each manufacturer's homepage and find the up-to-date version for comparison.
Question:
How can I get the firmware version of different IoT devices exposed to the internet (without logging in) even from non-reputable manufacturers and how can I identify the type of device?
Current approaches and ideas:
Search for keywords (firmware, version, date...) in the GET-results from the IoT search engines shodan.io and censys.io >> however, very few results, as a login on the admin-interface is needed in many cases (which is illegal)
Directly contacting manufacturers of IoT devices (Amazon, Google, Nest, Siemens, Bosch ...) >> (understandably) no company is willing to disclose information about the patch-status
Further ideas:
Receive data about patch status via MQTT (different approach for all devices needed)
Access via Telnet or SSH (however credentials are needed)
Identification of different open-source IoT OS (e.g. Tasmota)
General traffic analysis (I would need to be connected to the network, which is impossible)
Challenge:
Different approaches needed for different devices and manufacturers
As I put a lot of brainpower in my idea already, I would now like to ask the crowd for ideas that I did not come up with.
Thanks a lot for your ideas and help.
Frank