A Study on Internet of Things Devices Vulnerabilities using Shodan

IoT has attracted a diverse range of applications due to its adaptability, flexibility, and scalability. However, the most significant barriers to IoT adoption are security, privacy, interoperability, and a lack of standards. Due to the persistent online connectivity and lack of security measures, adversaries can quickly attack IoT systems for various adversarial operations, financial gain, and access to sensitive data. We conducted a massive vulnerability scan on IoT devices using Shodan, the IoT search engine. The discovered vulnerabilities are analyzed using the Octave Allegro risk assessment method to determine the risk level (Critical, High, Moderate, Low, None), and the results are classified based on the vulnerabilities. The research findings are intriguing, shocking, and alarming, revealing the bitter reality that IoT devices are rapidly increasing while simultaneously eroding users' privacy on a never-before-seen scale. Our search discovered 13,558 webcams with outdated components, 11,090 devices disclosing NAT-PMP information, and 16,356 connected devices responding to remote telnet access. Around 2,456 IoT devices were found with the Heartbleed vulnerability, 674 with the Ticketbleed vulnerability, and 9,241 with expired SSL certificates. Nearly 18,638 IoT consumer devices are configured with insecure default settings; 11,481 devices with default SNMP agent community names; 4,987 devices running on non-standard ports; and 4,425 Cisco devices are configured with generic or default passwords.


I. INTRODUCTION
EVIN Ashton coined the term "Internet of Things" in 1990 [1] to refer to RFID-tagged items that are electronically identifiable, trackable, and capable of Internet interaction.The Massachusetts Institute of Technology (MIT) presented an IoT vision in 2001 [2], and the International Telecommunication Union (ITU) formally established the IoT in 2005 [3].The European Research Cluster on the Internet of Things (IERC) defines the IoT as "a dynamic global network infrastructure with self-configuring capabilities based on standards and communication protocols, in which physical and virtual things have identities, physical attributes, virtual personalities, and communicate intelligently" [4].The IoT, a novel paradigm, rapidly absorbed modern wireless telecommunications and profoundly influenced numerous facets of human life, including smart assistants, smart vehicles, smart homes, smart environments, smart retail, smart agriculture, smart cities, smart transportation, smart healthcare, smart industry, and smart wearables.Researchers' forecasts vary significantly, with a low estimate of 20 billion and a high estimate of 125 billion connected devices by the end of 2030.According to the US's National Intelligence Council (NIC) [5], Internet nodes will be embedded in everyday objects such as food packaging, furniture, and paper documents by 2025.IHS Markit [6] predicted that there would be about 125 billion connected devices by the end of 2030, and Gartner [7] of the US predicted that there would be about 20.4 billion connected devices by the end of 2020, too.The global IoT market will be approximately US $193.60 billion in 2020 and reach the US $657.31 billion by 2025 [8].According to Fortune business insights [9], the global IoT market was valued at US $190.0 billion in 2018 and is expected to grow to the US $1,102.6 billion by 2026.According to a McKinsey Global Institute report, the economic impact of IoT applications could range between US $3.9 and 11.1 trillion annually in 2025 [10].Due to the proliferation of Internet-connected devices and IoT infrastructure over the last few years, the frequency and size of DDoS attacks via IoT botnets have increased significantly [11,12].Due to the low level of human interaction with IoT devices, severe security and privacy issues arise, such as device tracking and data collection [13,14].
Due to resource constraints such as limited battery life, processing, and storage capabilities, the online use of traditional Internet protocols, reduced packet size, and device efficiency in terms of quality and security are challenging K VOLUME 22 (2), 2023 [15].Given the societal impact of IoT device vulnerabilities, this study aims to determine the most vulnerable category of IoT devices, the most frequently exploited vulnerability in IoT devices, and the associated risk level.The remainder of this paper is organized as follows: Section 2 discusses the preliminary study, which includes IoT components vulnerability model, attacks on IoT devices, and the Shodan search engine; Section 3 discusses related works in the domain of IoT device vulnerability assessment; Section 4 discusses the research methodology used in this work; Section 5 discusses the Octave Allegro risk assessment methodology; Section 6 discusses the results and observations of our study, and Section 7 concludes the paper with recommendations.

A. IoT COMPONENTS VULNERABILITY MODEL
As depicted in Figure 1, a typical IoT System comprises seven interconnected components to form a complete system.Every component has its functionality and contribution, and at the same time, every component has its vulnerability.This section describes the functionality of every component of an IoT system and the associated vulnerabilities.IoT devices comprise the layer of sensors, actuators, and smart objects that measure environmental data and physical characteristics.Common IoT device vulnerabilities and threats are outlined in Table 1.

b. Network
The network component transfers data collected by IoT devices to the gateway via the Internet, mobile communication networks, satellite networks, and wireless sensor networks.The most prevalent network vulnerabilities and threats are described in Table 1.

c. Security
Security comprises all elements that guarantee data transfer security, prevent illegal access, and regulate access.Common security weaknesses and attacks are outlined in Table 1.

d. Gateway
An IoT gateway is a physical or virtual platform that acts as an intermediate between IoT devices and the Cloud to ensure controlled data flow and security, order transfer, data preprocessing, energy savings, and latency reduction.In IoT environments, the devices and gateway are susceptible to the threat vectors indicated in Table 1.

e. The Cloud
A cloud is a data storage, in-depth analysis, and management resource.The Cloud is where much sensor data is turned into useful information.The Cloud can be equipped with analytics software, visualization tools, artificial intelligence (AI), and machine learning for in-depth data analysis and processing.Common Cloud-related vulnerabilities and attacks are listed in Table 1.

f. Application
An application is the user interface for IoT technology.Users may monitor analytics and statistics, manage devices, and operate the system.Common application vulnerabilities and exploits are outlined in Table 1.

g. Users
Users, who utilize the IoT system for their reasons and comfort, are a crucial component.

Devices
Node capture An unauthorized user seizes and completely controls a node.

Fake node
Attacker creates a fictitious node, inserts and prevents the sending data.

Cloning of things
Introducing fake objects based on the physical features of the authentic node.

Malicious substitutions
Installing a product of inferior quality which is vulnerable will be a honeypot.Tracking Objects Extracts of information from obtained data, thereby collecting user behavior patterns.

Network
Eavesdropping An adversary intercepts, changes, or deletes data exchanged between two devices.

Man in the Middle Attack
An attacker intercepts and relays communications between two parties that believe they are communicating directly.

Meet-in-themiddle
Cryptographic space-time tradeoff attack against encryption techniques.

Identity theft
Using someone else's identity to gain unauthorized access to system resources.

Denial of Service attack
An attack is intended to render a system or network inaccessible to its intended users.

Bluesnarfing
Theft of information from a Bluetoothconnected wireless device.

B. ATTACKS ON IoT DEVICES
The primary reasons for attacks on interconnected things and devices are an insecure web interface, misconfiguration, insufficient authentication, ignoring security patches, vulnerable software, expensive security controls [16], insecure network services, and device availability [17].Existing IoT security mechanisms are primarily concerned with data protection and access control, adequately not addressing realworld issues such as tracking, profiling, leakage, accountability, responsibility, and privacy [14,18].In 2011, University of Washington researchers attacked a car's Bluetooth system, allowing the driver to make hands-free phone calls [19].In 2013, over 1.2 billion Internet-connected devices were tracked, with an average of 300 million new scan probes added each month [20].In 2015, attackers took down Sony Pictures' gaming consoles, televisions, and smartphones [21].In the same year, Internet-connected embedded devices such as CCTV cameras were hacked and used to launch a DDoS attack against the IoT infrastructure [22].Hackers took complete control of a Jeep SUV [23] in the Jeep Hack (2015) by exploiting a firmware vulnerability in the IoT-connected CAN bus and controlling the air conditioning, radio, and windshield wipers, as well as deactivating the ignition system.The well-known IoT botnet attack, the "Mirai attack (2016)" [24], took control of significant websites via a massive DDOS attack utilizing hundreds of thousands of compromised IoT devices such as home routers, air-quality monitors, and personal surveillance cameras.The attack infected over 600,000 vulnerable IoT devices.In 2017, hackers breached a fish tank at a North American casino, attacked the network, gathered sensitive data, and transferred it to Finland [25].In 2017, the security flaw known as "Devil's Ivy" granted attackers complete remote access to the IoT devices of twenty-four large companies, including Bosch, Canon, Cisco, D-Link, Fortinet, Hitachi, Honeywell, Huawei, Mitsubishi, Netgear, Panasonic, Sharp, Siemens, Sony, and Toshiba [26][27][28].

C. SHODAN SEARCH ENGINE
In 2009, programmer John Matherly created "Shodan.io," a search engine for the IoT [29], a popular tool for unauthorized surveillance [29], which focuses on locating and exploiting IoT device vulnerabilities.Shodan can see an infinite number of accessories; it aggregates over 3.7 billion public IPv4 addresses and hundreds of millions of IPv6 addresses to discover vulnerabilities [30].Shodan [29] enables the search for IoT devices by specifying their type, location, and various other parameters, returning graphical results that include the IP address, location, open ports, and credentials of the IoT devices.Shodan's internet-wide port scanner probes devices' ports, captures the resulting banners, indexes the corresponding public IP address, and stores the results in an interim database for future lookups.Shodan [31] has been a dependable tool for IoT researchers and security professionals to determine the type of devices on the Internet.Shodan's database aids device discovery by providing necessary information [32], enabling users to discover devices connected to the Web via various channels, including administration flags [33][34][35][36].Shodan monitors Web servers, HTTP (80), FTP (21), SSH (22), Telnet (23), SNMP (161), and Taste (5060) administrations.Shodan's results are excessively numerous, potentially irrelevant (i.e., obsolete, non-specific, and incomplete), challenging to comprehend, and require efficient interpretation.

III. RELATED WORKS
This research is based on the literature review in three key areas: IoT devices, vulnerabilities, and vulnerability assessment.Allen-Bradley discovered four honeypots in 2014 while tracking ICS devices for the US Military exposed to Shodan [29].Later that year, Bodenheim et al. [35] investigated Shodan's SCADA capabilities and concluded that Shodan poses a threat to Internet-connected things.Markowsky et al. [36] demonstrated in 2015 that the Internet of Things (IoT) is naturally reachable via Shodan, and Patton et al. [37] investigated several emerging IoT vulnerabilities in mid-2017.In 2018, Samtani et al. used Shodan to scan and identify over half a million devices, of which tens of thousands had critical flaws.OCTAVE [38] is a mechanism for discovering and assessing vulnerabilities to information security.In 1999, the Software Engineering Institute (SEI) at Carnegie Mellon University published the conceptual framework that formed the foundation of the original OCTAVE technique.Since its initial release in September 1999, the OCTAVE approach has undergone numerous revisions and modifications [38].OCTAVE Allegro [39,40] is a version of the OCTAVE approach, which is a comprehensive evaluation of an organization's operational risk environment that yields improved results without requiring extensive risk assessment experience.In [41], the authors utilized the OCTAVE allegro methodology to identify risks in the fleet management system (FMS), identified and ranked the risks to be mitigated, presented mitigation recommendations, and demonstrated the solution's effectiveness.In [42], the authors utilized the OCTAVE allegro approach to evaluate the information system risk at the ed-tech organization to determine the risk mitigation priorities.In [43], the authors established a risk assessment model for universities based on OCTAVE allegro, assessed and evaluated the risk in Higher education Institutes, measured the risk severity, estimated the risk acceptance threshold, and enhanced risk management decision-making.The above facts, vulnerabilities in IoT devices, the significance of the Shodan search engine, and the effectiveness of the OCTAVE Allegro risk assessment methodology urged us to combine all three aspects and execute a massive vulnerability scan on connected IoT devices.

IV. RESEARCH METHODOLOGY
Indeed, the steadily increasing number of connected things and the plethora of potential vulnerabilities afflicting the devices compel the researcher community to regularly conduct large-scale IoT vulnerability assessments.To address this gap, we pose the following research questions: 1. Which categories of IoT devices are most vulnerable? 2. What are the most frequently exploited vulnerabilities in IoT devices? 3. What is the risk level associated with the vulnerabilities?
The methodology adopted to address the research questions consists of three key steps: 1. Footprinting/identification of IoT devices 2. Risk identification 3. OCTAVE Allegro based risk assessment The IoT device footprinting phase is depicted in Figure 2, in which the Shodan search engine is used to locate IoT devices using various keywords.

Figure 2. IoT device footprinting
After identifying the devices, we manually examined each device for available risks.Our search was concentrated on eight distinct areas, including outdated components, the use of an insecure protocol, the execution of an insecure protocol, the execution of insecure network services, software vulnerability in the devices, insecure default settings in the devices, services running on non-standard ports, the device running with default credentials, and the devices with default operating system credentials.After identifying the impact area and the risks associated with each area, we used the OCTAVE ALLEGRO risk assessment methodology to assess the identified risk.The phases and steps of OCTAVE ALLEGRO are depicted in Figure 3, and the approach is detailed in Section V.

V. OCTAVE ALLEGRO RISK ASSESSMENT
OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation) is a technique for identifying and assessing information security issues [40].The purpose of OCTAVE is to assist the organization in developing qualitative risk evaluation criteria that describe the company's operational risk tolerance, identifying the assets that are crucial to the organization's mission, identifying vulnerabilities and threats to those assets, and determining and evaluating the potential consequences for the organization if the threat is materialized [40].OCTAVE Allegro is a variation of the OCTAVE approach, a complete assessment of the organization operational risk environment that produces improved outcomes without requiring substantial expertise in risk assessment [40].

A. ESTABLISHING DRIVERS Step 1: Establishing Risk Measurement Criteria
The principal objective of this step is to identify the most significant impact areas.We identified eight impact areas based on the top IoT vulnerabilities identified by OWASP.We ranked each impact area according to its frequency of appearance in Shodan searches.Column 1 (impact area) in Table 2 depicts the impact area identified for this work.

B. PROFILE ASSETS Step 2: Developing Information Asset Profile
We developed four categories of profiles, communication, configuration, hardware, and software because these are the four essential components of an IoT network.Column 2 (assets profile) in Table 2 depicts the asset profiles identified for this work.
Step 3: Identifying Information Assets Containers Identification of the information asset container is divided into two, namely technical and non-technical, with an external and an internal side for each.Column 3 (assets containers) in Table 2 depicts the asset containers identified for this work.

H. Operating System Credentials
The use of insecure default passwords Disallows users to modify the default password Users would rather not update their passwords Step 5: Identifying Threat Scenarios When identifying a threat scenario, the threat characteristics, actors, means, goals, outcomes, and security requirements of the area of concern having been identified in step 4, are described.Instead of providing the threat scenario for all the areas of concern, we provided the threat scenario for only one area of concern in Table 4.

D. IDENTIFYING AND MITIGATING RISK Step 6: Identifying Risks
In this step, the risks associated with each impact area are identified.Each area has been assigned a priority value and grouped into four impact categories: critical, high, moderate, and low.An impact value is assigned to each category within the range of 1 to 4. Table 5 displays identified risks for each impact area, along with their assigned priority ratings and corresponding impacts.The Risk score (rs) is computed using the equation (1).This study considers the outdated versions of MiniUPnP [44] used in various connected consumer devices.

b. Insecure Network Services
Network services running on the device can jeopardize the system security and integrity.When an IoT device is connected to the Internet, it opens the door to unauthorized remote access and data leakage.By exploiting flaws in the network communication model, attackers can successfully compromise the security of an IoT endpoint.In this work, we examine the NAT-PMP mapping protocol [45] because it is primarily used to establish automatic NAT and port forwarding between consumer IoT devices.Insecure configuration and failure to enforce NAT-PMP restrictions create a high level of vulnerability, allowing an external attacker to gather additional information about the network.

c. Software Vulnerabilities
A software vulnerability is a flaw in software that enables an attacker to take control of the affected system.These flaws can occur due to the software design or a coding error.A software vulnerability can be used to steal or manipulate VOLUME 22(2), 2023 sensitive data, connect a system to a botnet, install a backdoor, or plant other types of malware.Additionally, once an attacker has gained access to one network host, he or she can use that host to gain access to other hosts on the same network.In this work, we searched for devices with Heartbleed [46], Ticketbleed [47], and expired SSL certificates in OpenSSL and TLS/SSL.

d. Insecure Default Settings
Vulnerabilities in the system's default settings expose it to various security risks, resulting from hardcoded passwords, inability to keep up with security updates, or outdated components.We considered SNMP a vulnerable generic protocol used by default in conventional IoT consumer devices to share community names and network-related information.

e. Services Running on Non-Standard Ports
Operating a well-known service from a non-standard port is an excellent approach to remain anonymous, which is often referred to as the concept of security by obscurity, and it is widely regarded as an ineffective and obsolete approach.The effect of remaining hidden may mislead the server/device operator into a false sense of security.We examined the IoT data protocols MQTT (1833), CoAP (5683), AMQP (5672), and XMPP (5222) that operate over non-standard ports in this study.

f. Device & OS Default Credential
Cyber-attacks are more likely to occur on IoT devices with weak default passwords.Manufacturers of IoT devices must pay close attention to password settings when launching the device [24].Either the device prohibits users from changing the default password, or the users prefer not to change it even if they can.Additionally, successful attempts to gain unauthorized access to one device expose other devices in the system to risk as IoT devices frequently share default passwords.

VI. RESULTS AND DISCUSSION
The findings of this work are fascinating, shocking, and alarming, revealing the bitter reality that the number of IoT devices is rapidly increasing while simultaneously eroding users' privacy on a never-before-seen scale.Out of 210,125 scanned devices, 28,409 (13.52%) are vulnerable, with 3,623 (12.75%) devices at a critical risk level, 13,131 (46.22%) devices at a high-risk level, 8,964 (31.56%) devices at a medium-risk level, and 2,691 (9.47%) devices at a low-risk level.We will further classify our findings based on the vulnerabilities (risks) listed out in Table 2.

A. OUTDATED COMPONENTS
The most frequently exploited critical vulnerability in IoT consumer devices is outdated versions of MiniUPnP [44], which can be used in various ways, including launching DoS attacks.This vulnerability allows malware, trojans, or worms to bypass the router's firewall and infect connected devices.Our search discovered 13,558 webcams, the typical consumer IoT device; the results are analyzed and tabulated in

B. INSECURE PROTOCOL
The NAT-PMP mapping protocol (NAT-PMP) [45] is primarily used to establish automatic NAT and port forwarding among consumer IoT devices.Unsecured configuration and failure to enforce NAT-PMP restrictions result in a high level of vulnerability, allowing an external attacker to gain additional information about the network.The typical limits not configured in the NAT-PMP block mapping requests are sent to or received on the NAT gateway's external IP address or external network interface.Table 7 summarizes the number of webcams that responded to our external NAT-PMP probes for malicious port mapping manipulation and device disclosure.Almost 61.5% (8,338) of the 13,558 scanned internet-connected webcams responded to eternal NAT-PMP port mapping manipulation inquiries, and 81.8% (11,090) of the 13,558 devices disclosed information about the NAT-PMP.

C. INSECURE NETWORK SERVICES
Our search was widened to include IoT devices that support industry-standard network protocols such as Telnet [48], FTP [49], RDP [50], and SMB [51].Telnet and FTP are wellknown for their unencrypted data transmission vulnerabilities, making them vulnerable to attacks such as brute force, bounce, and MITM attacks, resulting in the attacker's login credentials being outflowed.The RDP contains numerous vulnerabilities, the most recent is the BlueKeep vulnerability (2019).These flaws enable attackers to connect to RDP services to steal or modify data, install malware, or perform other malicious acts.

G. DEVICE DEFAULT CREDENTIAL
The search for default credentials on internet-connected devices revealed an unpleasant truth: the IT community's information security awareness is still lacking.As shown in

H. OS DEFAULT CREDENTIAL
The Mirai botnet attack [24] highlighted the dangers of default passwords and how they add significant complexity to IoT systems.Our search uncovered 16,936 operating systems that included vendor-supplied passwords.An attacker can remotely access the device by utilizing a vendor-supplied default password, exposing sensitive business information.
Table 13 shows the percentages of various devices with vendor-supplied passwords embedded in their operating systems.CentOS is the most popular operating system, accounting for 93.53% (15,840), with Ubuntu accounting for 3.87% (656), Fedora accounting for 2.03% (343), Windows accounting for 0.44% (75), and RedHat accounting for 0.13% (22).Step 8: Select Mitigation Approach In this step, a suitable mitigation strategy must be chosen or proposed for each risk based on its risk score and its impact.This work's primary purpose is to reveal the number of internet-connected devices with various vulnerabilities and their impact.As this work focused on internet-connected devices used globally by various entities, adopting a specific risk mitigation strategy would not address the issue.the following section, however, we provide recommendations for IoT stakeholders to defend their networks based on the findings of this study.

VII. CONCLUSIONS AND RECOMMENDATIONS
This study conducted a large-scale vulnerability scan to identify common security issues and vulnerabilities in connected IoT devices.The identified vulnerabilities are analyzed to determine the risk level.We discovered The research findings are fascinating, shocking, and alarming, revealing the bitter reality that the number of IoT devices is rapidly growing while eroding users' privacy on an unprecedented scale.
As a result of this study, the following recommendations are made for IoT stakeholders.
R1: Use an approved naming convention for IoT devices.R2: Any IoT-enabled device boot process must be protected against the execution of malicious programs with appropriate scanning.
R3: Keep sensors and appliances under regular surveillance to prevent tampering and reconfiguration.
R4: Precautions should be taken to prevent the injection of malicious code into devices.
R5: Utilize two-factor authentication whenever possible and have access exclusively to the IT systems they are authorized to use for their assigned job.
R6: The architecture and endpoints of IoT networks must be frequently examined to guarantee security.
R7: All control commands and data should pass via a gateway to prevent direct access from outside the network.
R8: Monitor and check physical security of the devices regularly.
R9: Turn off the IoT devices that are not in use.R10: All the devices must be equipped with a cryptographic key to execute any command.
R11: Allow only the encryption-capable devices to be connected to the network.
R12: Use network segmentation to protect IoT devices from your IT network core infrastructure.
R13: A comprehensive IoT security strategy must be created by documenting all relevant aspects.R14: Whenever a new security breach is discovered, all IoT devices belonging to a particular vendor must apply security fixes.
R15: Configure automated updates to reduce the attack window between patch releases.Ensure that device lifecycle details are recorded and acted upon.
R16: Provide an ongoing training program on the security features and methods for existing users.

Figure 3 .
Figure 3. OCTAVE Allegro Phases and Steps OCTAVE Allegro focuses on information assets in the context of how they are utilized, where they are kept, delivered, and processed, and how they are impacted by risk, vulnerability, and disruption.Four essential OCTAVE Allegro processes are: 1. Establish Drivers 2. Profile assets 3. Identify Threats 4. Identify and mitigate risk.As demonstrated in Figure 5, OCTAVE Allegro has eight distinct steps over its four levels.

Table 1
lists common vulnerabilities and threats connected to users.

Table 2 .
Establishing drivers and profile assets C. IDENTIFYING THREATS Step 4: Identifying Areas of ConcernIdentify areas of concern by reviewing each container to see and determine potential areas and continue by documenting each identified area of concern.Areas of concern are extended to get threat scenarios and then document them to see if they affect security requirements.Table3shows the identified areas of concern for each impact area.

Table 3 .
Impact area and area of concern

Table 5 .
Identifying Risk and Risk Score

Table 6
The study shows that many webcams connected to the Internet are equipped with vulnerable, insecure, and out-of-date components.

Table 6 .
Outdated Components Analysis

Table 7 .
Insecure Protocol Analysis

Table 8 .
Due to a critical vulnerability in the server message block (SMB) service, US-CERT [52] recommends blocking all SMB versions.Regrettably, many versions of Windows and other operating systems come with SMB enabled by default.Our search revealed 20,885 IoT devices configured to use insecure network services such as Telnet, FTP, Remote Desktop Protocol (Bluekeep), and SMB version 1 (Wannacry ransomware) [51].Table 8 details the number of devices in each category and their associated risk levels.Approximately 78.31% (16,356) of the 20,885 scanned devices support telnet, 20.28% (4,236) support FTP, 0.75% (156) support RDP, and 0.65% (137) support SMB version 1. Insecure Network Services Analysis

Table 9 .
Software Vulnerability Analysis

Table 10 .
Insecure Default Settings Vulnerability Analysis

Table 11 .
Services running in non-standard ports.

Table 12 .
Device default Credentials

Table 13 .
Operating System Credential Issues 13,558 webcams with outdated components such as MiniUPnPd, around 8,338 webcams connected to the Internet responded to persistent NAT-PMP port mapping manipulation queries, while 11,090 devices disclosed information about the NAT-PMP.Remote telnet access is supported on 16,356 scanned devices, FTP is supported on 4,236 devices, RDP is supported on 156 devices, and SMB version 1 is supported on 137 devices.Further, 2,456 IoT devices were discovered with Heartbleed vulnerable, 674 with Ticketbleed vulnerable, and 9,241 with expired SSL certificates.Additionally, our search identified 18,638 IoT consumer devices with insecure default settings and 11,481 with default SNMP agent community names.4,987 devices use non-standard ports to run services (2,267-MQTT, 1,246-CoAP, 341-AMQP, 133-XMPP).Around 4,425 Cisco devices are configured with default passwords, 38 Cisco devices are vulnerable to the Cisco VPN 3000 series concentrators vulnerability, 291 Netgear routers, and 169 OpenWRT routers are configured with default credentials, totaling 15,840 devices with default passwords.