Research on Password Detection Technology of IoT Equipment Based on Wide Area Network

Abstract

At present, while the Internet of Things (IoT) devices bring convenience to people, security issues have led to an increasing number of threats to IoT security. Since IoT devices have a Web application system for device managers to operate, the system can view device information, control and configure device status, and its security is of great significance. Among the various authentication methods provided by IoT devices, the password information authentication mechanism is still a critical method for Web login. If the IoT device has a weak Web password, once a hacker discovers the device, it is straightforward to be attacked and implanted with malicious code to control the device and attack other devices in the network. In response to this problem, this paper designs a set of automatic detection frameworks for weak passwords for web application systems of IoT devices. Based on this framework, an automated weak password detection system was developed to detect weak Web passwords on IoT devices on the wide-area networks of Beijing, Shandong Province, and Zhejiang Province. A total of 12,179 devices with weak Web passwords were found, accounting for all discovered IoT devices of 7.58%, verifying the effectiveness of the proposed framework.