An Analysis of the Use of CVEs by IoT Malware

In recent years, IoT malware has become a significant threat to the IoT infrastructure, to the point where it even hinders the deployment of this promising technology. A distinctive aspect of this threat is its reliance on vulnerabilities as an infection vector. Many of these vulnerabilities are CVEs (Common Vulnerability Enumeration) selected from the National Vulnerability Database (NVD). In this study, we investigate the use of CVEs by IoT malware, with the ultimate aim of predicting which CVEs are more likely to be targeted by malware developers. Our results show that the CVEs exploited by IoT malware developers are sufficiently distinguished from those CVEs that IoT developers refrain from using to permit effective automated prediction. We detail these differences, develop other observations about the use of vulnerabilities by IoT malware and compile data on this topic that may be useful to security researchers.