Search papers, labs, and topics across Lattice.
This paper investigates whether network configurations of internet-exposed IoT devices, specifically those using TCP port 7547 (TR-069/CWMP), correlate with population-level exposure risk. The authors analyzed a multi-country sample of 100 Shodan-identified hosts per country, enriching the data with scan-derived metadata and performing feature-relevance assessment and supervised classification. The study reveals significant cross-country variations in exposure structure and demonstrates the feasibility of classifying higher-risk exposure profiles with a balanced accuracy of 0.61.
IoT devices in different countries exhibit surprisingly consistent differences in their exposure to risky ports, suggesting systemic variations in security practices.
An open measurement problem in IoT security is whether scan-observable network configurations encode population-level exposure risk beyond individual devices. An analysis of internet-exposed IoT endpoints using a controlled multi-country sample from Shodan Search and Shodan InternetDB, selecting 100 hosts identified via TCP port 7547 (TR-069/CWMP) and evenly distributed across the ten most represented countries. Hosts are enriched with scan-derived metadata and analyzed using feature-relevance assessment, cross-country comparisons of open and risky port exposure, and supervised classification of higher-risk exposure profiles. The analysis reveals consistent cross-country differences in exposure structure, with mean risky-port counts ranging from 0.4 to 1.0 per host, and achieves balanced accuracy of approximately 0.61 when classifying higher-risk exposure profiles.
