Background
Modern consumer IoT devices ship with firmware that phones home. Everyone knows this. What is less discussed is what else that firmware is capable of when properly motivated.
Methodology
We acquired 340 consumer IoT devices across 47 manufacturers. Each was subjected to firmware extraction, static analysis, and behavioral observation in an isolated RF environment over 90 days.
Key Findings
- 23% of devices contained dormant code paths with no corresponding user-facing feature
- 8% transmitted data to endpoints not documented by the manufacturer
- 2 devices responded to stimuli that we did not introduce
Finding #3 has been reported through appropriate channels. We will not be elaborating further in this document.
Recommendations
If you are deploying IoT devices in a sensitive environment, assume they are not yours.
Publication of the full dataset is pending review. Do not request the dataset.