Abstract
Internet of Things devices are commonly overlooked when it comes to security. Deployment follows the trend that the devices are powered on and installed, often without proper configuration or regards to the security they possess. Being Internet connected, these devices should be held to the security standards that other systems are held to. Vulnerability scanners are the most effective and least time-consuming method to determine the vulnerabilities present on a device and provide insight on steps for mitigation and hardening. However, these scanners do not inherently support the lightweight, low powered, and proprietary nature of IoT devices. This paper analyzes and compares the use of several well-known and lesser-known open-source vulnerability scanners used with home IoT devices. The aim is to cover all aspects of using these programs: the ease of use, support available, effectiveness of the scanners, direction provided in mitigation, and various operational metrics. In the end, a comprehensive analysis of each scanner will be provided, discussing the advantages and disadvantages of each, as well as their best use cases. The intention of these results is to provide an informative viewpoint on what vulnerability scanner should be selected for an individual based on a hands-on analysis and comparison.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Goasduff L (2021) Gartner Says 5.8 Billion enterprise and automotive IoT endpoints will be in use in 2020. https://www.gartner.com/en/newsroom/press-releases/2019-08-29-gartner-says-5-8-billion-enterprise-and-automotive-io. Accessed 8 June 2021
Mahmoud R, Yousuf T, Aloul F, Zualkernan I (2015) Internet of things (IoT) security: current status, challenges and prospective measures. 2015 10th International conference for internet technology and secured transactions (ICITST). IEEE, New York, pp 336–341
Deogirikar J, Vidhate A (2017) Security attacks in IoT: a survey. In: 2017 International conference on I-SMAC (IoT in social, mobile, analytics and cloud) (I-SMAC). IEEE, New York, pp 32–37 (2017)
Chalvatzis I, Karras DA, Papademetriou RC (2019) Evaluation of security vulnerability scanners for small and medium enterprises business networks resilience towards risk assessment. In: 2019 IEEE international conference on artificial intelligence and computer applications (ICAICA). IEEE, New York, pp 52–58 (2019)
Amro A (2020) Iot vulnerability scanning: a state of the art. Comput Security, pp 84–99 (2020)
Markowsky L, Markowsky G (2015) Scanning for vulnerable devices in the internet of things. 2015 IEEE 8th International conference on intelligent data acquisition and advanced computing systems: technology and applications (IDAACS), vol 1. IEEE, New York, pp 463–467
Hassija V, Chamola V, Saxena V, Jain D, Goyal P, Sikdar B (2019) A survey on IoT security: application areas, security threats, and solution architectures. IEEE Access 7:82721–82743
Anand P, Singh Y, Selwal A, Alazab M, Tanwar S, Kumar N (2020) IoT vulnerability assessment for sustainable computing: threats, current solutions, and open challenges. IEEE Access 8:168825–168853
Corp F (2021) Vuls. https://github.com/future-architect/vuls. Accessed 8 June 2021
Rahalkar S (2019) Openvas. Quick start guide to penetration testing. Springer, Berlin, pp 47–71
Mikulskis J, Becker JK, Gvozdenovic S, Starobinski D (2019) Snout: an extensible IoT pen-testing tool. In: Proceedings of the 2019 ACM SIGSAC conference on computer and communications security, pp 2529–2531
Vulscan (2021) https://github.com/scipag/vulscan. Accessed 8 June 2021
Rapid7 (2017) IoTSeeker: locate connected IoT devices and check for default passwords. https://information.rapid7.com/iotseeker.html. Accessed 8 June 2021
Bugeja J, Jönsson D, Jacobsson A (2018) An investigation of vulnerabilities in smart connected cameras. 2018 IEEE international conference on pervasive computing and communications workshops (PerCom workshops). IEEE, New York, pp 537–542
Yang H, Lee W, Lee H (2018) Iot smart home adoption: the importance of proper level automation. J Sensors 2018 (2018)
Singh KJ, Kapoor DS (2017) Create your own internet of things: a survey of iot platforms. IEEE Consumer Electron Maga 6(2):57–68
Jin Y (2018) IoT/CPS security vulnerability database. https://iot.institute.ufl.edu/academics/iot-cps-security-vulnerability-database/. Accessed 9 June 2021
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
deRito, C., Bhatia, S. (2022). Comparative Analysis of Open-Source Vulnerability Scanners for IoT Devices. In: Hemanth, D.J., Pelusi, D., Vuppalapati, C. (eds) Intelligent Data Communication Technologies and Internet of Things. Lecture Notes on Data Engineering and Communications Technologies, vol 101. Springer, Singapore. https://doi.org/10.1007/978-981-16-7610-9_58
Download citation
DOI: https://doi.org/10.1007/978-981-16-7610-9_58
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-16-7609-3
Online ISBN: 978-981-16-7610-9
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)