Go to TETC 2023 homepageA Large Scale Characterization of Device Uptimes
Abstract: Devices ages, also referred to as uptimes, convey information about systems, and are instrumental for patching and rejuvenation purposes. Knowing that a device is up for a long time suggests that it may be at risk or that degradation due to bugs may be in place. Nonetheless, there has been no systematic study of devices uptimes so far. The goal of this paper is to provide a large scale characterization of device uptimes, from the perspectives of a Reddit forum and Shodan. Among our findings, we identified that in the Reddit forum users typically assume that devices lingering up for more than 2 years are assumed to be long-lasting, and 25% of users assume that an uptime of 200 days is considered large. In addition, using Shodan we were able to identify a significant fraction of devices whose uptimes are larger than such threshold, posing security and performance risks to its users. We also found that routers are the devices with the largest uptimes, and that there is a positive correlation between devices tagged by Shodan as compromised and uptimes, with those devices having an average uptime beyond 250 days, that is roughly twice the average uptime in our dataset. In summary, our work suggests that it is viable to characterize uptimes from a system-wide viewpoint, and that such characterization sheds insight on the lifecycle of products and vulnerabilities.
0 Replies
Loading