One thing after another: The role of users, manufacturers, and intermediaries in iot security

Research output: ThesisDissertation (TU Delft)

76 Downloads (Pure)


In recent years the number of Internet-connected devices (aka as Internet of Things (IoT)) has increased dramatically. IoT Manufacturers have launched into the market a variety of IoT products to make a profit, while users buy them for the convenience of the technology. Despite IoT technology’s benefits to society, infected IoT devices with malicious software (malware) are a serious security concern. For instance, in 2016, we witnessed one of the largest Distributed Denial of Service (DDoS) attacks facilitated by IoT devices. This attack disrupted major well-known websites, including Twitter, Spotify, Github, and others.
Infected IoT devices cause negative externalities. A negative externality is the cost that third parties, who are neither the seller nor the buyer of IoT devices, must incur to protect themselves against DDoS attacks.
In the traditional personal computer world, compromised machines can be remedied with self-service solutions like antivirus. However, there is a lack of such tools to help users remove malicious software once it has taken hold for the wide variety of IoT devices. This, in turn, creates usability issues for users in the IoT space. To remediate infected IoT devices, users may need to take different actions. These actions depend on the device type, its manufacturer, patches or software updates available, and available settings of the device.
Some Internet Service Providers (ISPs) (referred interchangeably as intermediaries in this dissertation) have undertaken the task of notifying users about infected IoT devices in their home network. These types of notifications can aid the threat detection mechanisms of infected IoT devices for users.

Considering that the IoT technology has certain limitations, and users will have to deal with infected IoT devices, and the aforementioned actors are involved, we set ourselves to answer the following research question: How can users mitigate infected IoT devices? And what role can manufacturers and intermediaries play in supporting them? To answer this question in short users require information and actionable advice to take appropriate actions. Manufacturers need to improve security practices, such as removing default credentials from the setup process of IoT devices. ISPs can facilitate threat detection through notifications and DNS-based prevention. The results of this dissertation, suggest that governments should incentivize intermediaries and manufacturers to address this issues, and collaboration among stakeholders is essential since users alone cannot mitigate infected IoT devices even though they are motivated.
Original languageEnglish
Awarding Institution
  • Delft University of Technology
  • van Eeten, M.J.G., Supervisor
  • Hernandez Ganan, C., Supervisor
Award date4 Jul 2023
Print ISBNs978-94-6419-829-4
Publication statusPublished - 2023


  • Internet of Things
  • cleanup IoT malware
  • IoT malware remediation
  • User experience with IoT malware


Dive into the research topics of 'One thing after another: The role of users, manufacturers, and intermediaries in iot security'. Together they form a unique fingerprint.

Cite this