This paper examines the up-to-dateness of installed firmware versions of Internet of Things devices accessible via public Internet. It takes a novel approach to identify versions based on the source code of their web interfaces. It analyzes data sets of 1.06m devices collected using the IoT search engine Censys and then maps the results against the latest version each manufacturer offers. A fully scalable and adaptive approach is developed by applying the SEMMA data mining process. This approach relies on three data artifacts: raw data from Censys, a mapping table with firmware versions, and a keyword search list. The results confirm the heterogeneity of connected IoT devices and show that only 2.45 percent of the IoT devices “in the wild” run the latest available firmware. Installed versions are 19.2 months old on average. This real-world evidence suggests that the updating processes and methods used by engineers so far are not sufficient to keep IoT devices up-to-date. This paper identifies and quantifies influencing factors and captures the global and diverse distribution of IoT devices. It finds manufacturer and device type influence the up-to-dateness of firmware, whereas the country in which the device is deployed is less significant.

中文翻译：

---

大规模物联网固件版本分布分析


本文检查了可通过公共互联网访问的物联网设备已安装固件版本的最新性。它采用一种新颖的方法来根据 Web 界面的源代码来识别版本。它分析使用 IoT 搜索引擎 Censys 收集的 106 万台设备的数据集，然后将结果与每个制造商提供的最新版本进行映射。通过应用 SEMMA 数据挖掘流程开发了一种完全可扩展和自适应的方法。这种方法依赖于三个数据工件：来自 Censys 的原始数据、带有固件版本的映射表以及关键字搜索列表。结果证实了联网物联网设备的异构性，并显示只有 2.45% 的“野外”物联网设备运行最新的可用固件。安装的版本平均有 19.2 个月。这一现实世界的证据表明，工程师迄今为止使用的更新流程和方法不足以使物联网设备保持最新状态。本文识别并量化了影响因素，并捕获了物联网设备的全球多样化分布。研究发现制造商和设备类型会影响固件的最新性，而部署设备的国家/地区则影响较小。