Saved in:
Bibliographic Details
Main Authors: Sasaki, Takayuki, Inazawa, Tomoya, Yamaguchi, Youhei, Parkin, Simon, van Eeten, Michel, Yoshioka, Katsunari, Matsumoto, Tsutomu
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2501.07326
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866910782158012416
author Sasaki, Takayuki
Inazawa, Tomoya
Yamaguchi, Youhei
Parkin, Simon
van Eeten, Michel
Yoshioka, Katsunari
Matsumoto, Tsutomu
author_facet Sasaki, Takayuki
Inazawa, Tomoya
Yamaguchi, Youhei
Parkin, Simon
van Eeten, Michel
Yoshioka, Katsunari
Matsumoto, Tsutomu
contents There is an expectation that users of home IoT devices will be able to secure those devices, but they may lack information about what they need to do. In February 2022, we launched a web service that scans users' IoT devices to determine how secure they are. The service aims to diagnose and remediate vulnerabilities and malware infections of IoT devices of Japanese users. This paper reports on findings from operating this service drawn from three studies: (1) the engagement of 114,747 users between February, 2022 - May, 2024; (2) a large-scale evaluation survey among service users (n=4,103), and; (3) an investigation and targeted survey (n=90) around the remediation actions of users of non-secure devices. During the operation, we notified 417 (0.36%) users that one or more of their devices were detected as vulnerable, and 171 (0.15%) users that one of their devices was infected with malware. The service found no issues for 99% of users. Still, 96% of all users evaluated the service positively, most often for it providing reassurance, being free of charge, and short diagnosis time. Of the 171 users with malware infections, 67 returned to the service later for a new check, with 59 showing improvement. Of the 417 users with vulnerable devices, 151 users revisited and re-diagnosed, where 75 showed improvement. We report on lessons learned, including a consideration of the capabilities that non-expert users will assume of a security scan.
format Preprint
id arxiv_https___arxiv_org_abs_2501_07326
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Am I Infected? Lessons from Operating a Large-Scale IoT Security Diagnostic Service
Sasaki, Takayuki
Inazawa, Tomoya
Yamaguchi, Youhei
Parkin, Simon
van Eeten, Michel
Yoshioka, Katsunari
Matsumoto, Tsutomu
Cryptography and Security
There is an expectation that users of home IoT devices will be able to secure those devices, but they may lack information about what they need to do. In February 2022, we launched a web service that scans users' IoT devices to determine how secure they are. The service aims to diagnose and remediate vulnerabilities and malware infections of IoT devices of Japanese users. This paper reports on findings from operating this service drawn from three studies: (1) the engagement of 114,747 users between February, 2022 - May, 2024; (2) a large-scale evaluation survey among service users (n=4,103), and; (3) an investigation and targeted survey (n=90) around the remediation actions of users of non-secure devices. During the operation, we notified 417 (0.36%) users that one or more of their devices were detected as vulnerable, and 171 (0.15%) users that one of their devices was infected with malware. The service found no issues for 99% of users. Still, 96% of all users evaluated the service positively, most often for it providing reassurance, being free of charge, and short diagnosis time. Of the 171 users with malware infections, 67 returned to the service later for a new check, with 59 showing improvement. Of the 417 users with vulnerable devices, 151 users revisited and re-diagnosed, where 75 showed improvement. We report on lessons learned, including a consideration of the capabilities that non-expert users will assume of a security scan.
title Am I Infected? Lessons from Operating a Large-Scale IoT Security Diagnostic Service
topic Cryptography and Security
url https://arxiv.org/abs/2501.07326