Speaker: Megan Ryan, ECpE Graduate Student
Advisor(s): Doug Jacobson and Kristin Yvonne Rozier
Title: TAS21: A Comprehensive Dataset Surveying Recent IoT Device Vulnerabilities
Abstract: The cyber threat landscape is constantly shifting, especially in the evolutionary area of the Internet of Things, which makes it vital to survey the vulnerabilities that are presently being discovered and attacked, so that we can better combat those threats in the future. By collecting and profiling all of the IoT vulnerabilities reported on by the cybersecurity news site Threatpost between January 2020 and June 2021, we provide a cross-section of the current security issues found in today’s IoT devices. Our detailed analysis of this dataset yields a many-faceted understanding of the threat landscape during this period, including CWEs (Common Weakness Enumeration), CVSS (Common Vulnerability Scoring System) scores, timelines, vulnerability locations, programming languages, and other attack story attributes, delivering a solid foundation for future IoT security efforts. Our findings are that while the majority of recent IoT device vulnerabilities occur in the software layer and arise from common IT weaknesses, there is a great need for a shared database of IoT vulnerabilities for continuous evaluation of the state of IoT security.
Bio: Megan received her BS in computer engineering from Iowa State in 2016. Since then, she has been working toward her PhD in computer engineering, focusing on cybersecurity. Her research interests include IoT security, security by design, and using formal methods to combine the two. She has several years’ worth of industrial experience in engineering and network security at Rockwell Collins/Collins Aerospace. Currently, she does behind-the-scenes work running undergraduate cybersecurity classes at Iowa State.