IoT Policy and Attack Report
GCA Internet Integrity Papers, Issue I
IoT Policy and Attack Report
This is the first issue of the GCA Internet Integrity Papers series, which shows the results of an IoT Policy and Attack research project conducted jointly by the Global Cyber Alliance (GCA) and Microsoft.
Based on data about real IoT attacks extracted from GCA’s AIDE platform and ProxyPot infrastructure, the project aims at providing factual evidence on the validity of the most widespread policies, recommendations, and standards on IoT security around the globe.
The result of the research strongly suggests that policymakers are correct in emphasizing secured access when turning standards into policy. Strong passwords, vulnerability disclosure policies, and efficient patching should be guiding principles of any baseline strategy for IoT protection.
The key findings of the report can be summarized as follows:
- The ETSI principles of “no default passwords,” “implement a vulnerability disclosure policy,” and “keep software updated” operate as a golden rule for IoT security
- Secured access and strong passwords go hand in hand
- Telnet is as a perfect gateway for IoT attacks (use SSH instead); Mirai is, by far, the largest source of Telnet-based attacks
- AIDE and ProxyPot work as reliable testing tools to validate IoT policies, standards, and recommendations