Comparative Analysis of Open-Source Vulnerability Scanners for IoT Devices
Internet of Things devices are commonly overlooked when it comes to security. Deployment follows the trend that the devices are powered on and installed, often without proper configuration or regards to the security they possess. Being Internet connected, these devices should be held to the security standards that other systems are held to. Vulnerability scanners are the most effective and least time-consuming method to determine the vulnerabilities present on a device and provide insight on steps for mitigation and hardening. However, these scanners do not inherently support the lightweight, low powered, and proprietary nature of IoT devices. This paper analyzes and compares the use of several well-known and lesser-known open-source vulnerability scanners used with home IoT devices. The aim is to cover all aspects of using these programs: the ease of use, support available, effectiveness of the scanners, direction provided in mitigation, and various operational metrics. In the end, a comprehensive analysis of each scanner will be provided, discussing the advantages and disadvantages of each, as well as their best use cases. The intention of these results is to provide an informative viewpoint on what vulnerability scanner should be selected for an individual based on a hands-on analysis and comparison.
deRito, C., & Bhatia, S. (2022) Comparative analysis of open-source vulnerability scanners for IoT devices. In D. J. Hemanth, D. Pelusi, & C. Vuppalapati (Eds.). Intelligent data communication technologies and internet of things (pp. 785-800). Springer. Doi: 10.1007/978-981-16-7610-9_58