Threat Research

83 million IoT devices in 16 million homes scanned in largest study of its kind

Jeff Elder, 18 June 2019

North America has the highest IoT density of any region, with two-thirds of scanned homes possessing at least one device

From “smart” TVs  to security cameras, Internet of Things (IoT) devices are now commonly found in modern homes. A large percentage of households around the globe contain at least one networked IoT device, according to our recent research in collaboration with Stanford University. It is the largest study yet on the internet of things in consumers’ homes.  Findings from the full paper: "All Things Considered: An Analysis of IoT Devices on Home Networks," can be found here.

Avast scanned 83 million IoT devices in 16 million homes worldwide to understand the distribution of IoT devices by type and manufacturer. We learned that there are significant regional variations in the concentration and popularity of IoT devices.

Key findings

  • North America has the highest density of IoT devices, with 66% of scanned homes possessing at least one IoT device, compared to the global average of 40%.
  • In Western Europe, 57% of homes have at least one IoT device, compared to 26% in Eastern Europe.
  • Eastern Europe has significantly more surveillance devices than Western Europe. For homes with three IoT devices, the number of surveillance devices shoots up to 13% from 5%.
  • In South Asia, surveillance devices account for 54% of total devices in the region, yet in North America these only account for 4%.
  • In South America, significantly fewer homes have an IoT device, compared to North America (34% vs 66%).
  • In North Africa and Middle East (combined), media devices account for 35% of IoT devices.

FTP and Telnet are older protocols that are known to be insecure.  The study found that 7% of IoT devices and 14% of home routers support FTP or Telnet services with only a small dictionary of common credentials. In both cases, admin/admin is most common and accounts for 88% of weak FTP credentials and 36% of weak Telnet credentials.

Regions vary in terms of IoT device vulnerability. North America has the smallest vulnerable population of Telnet devices, and only 14% of FTP devices in Western Europe support weak credentials. However, we learned that more than 55% of FTP devices in Sub-Saharan Africa are weak; and more than half of the devices in Southeast Asia that support FTP have a guessable password.

The likelihood of having weak credentials may be linked to weaker security posture in the region overall.

“The number of IoT devices today has officially surpassed the world’s population, with this number only set to grow. As our lives become increasingly intertwined with smart devices, we must ensure the security of these devices,” said Deepali Garg, Senior Data Scientist at Avast.  

In the next post, we’ll take a closer look at IoT vendors – which companies are making these devices and from what parts of the world?

Watch a hacked 'smart' coffee maker

Internet of Things devices are the fastest growing sector of home electronics, but they can open your home up to cyberattacks. Senior Researcher Martin Hron shows us how he turned a smart coffee maker into a ransomware nightmare through its open Wi-Fi connection.