User compliance and remediation success after IoT malware notifications

Elsa Rodríguez*, Susanne Verstegen, Arman Noroozian, Daisuke Inoue, Takahiro Kasama, Michel Van Eeten, Carlos H. Gañán

*Corresponding author for this work

Research output: Contribution to journalArticleScientificpeer-review

8 Citations (Scopus)
83 Downloads (Pure)

Abstract

Internet Service Providers (ISPs) are getting involved in remediating Internet of Things (IoT) infections of end users. This endeavor runs into serious usability problems. Given that it is usually unknown what kind of device is infected, they can only provide users with very generic cleanup advice, trying to cover all device types and remediation paths. Does this advice work? To what extent do users comply with the instructions? And does more compliance lead to higher cleanup rates? This study is the first to shed light on these questions. In partnership with an ISP, we designed a randomized control experiment followed up by a user survey. We randomly assigned 177 consumers affected by malware from the Mirai family to three different groups: (i) notified via a walled garden (quarantine network), (ii) notified via email, and (iii) no immediate notification, i.e. a control group. The notification asks the user to take five steps to remediate the infection. We conducted a phone survey with 95 of these customers based on communication-human information processing theory. We model the impact of the treatment, comprehension, and motivation on the compliance rate of each customer, while controlling for differences in demographics and infected device types. We also estimate the extent to which compliance leads to successful cleanup of the infected IoT devices. While only 24% of notified users perform all five remediation steps, 92% of notified users perform at least one action. Compliance increases the probability of successful cleanup by 32%, while the presence of competing malware reduces it by 54%. We provide an empirical basis to shape ISP best practices in the fight against IoT malware.
Original languageEnglish
Article numbertyab015
JournalJournal of Cybersecurity
Volume7
Issue number1
DOIs
Publication statusPublished - 2021

Keywords

  • cleanup IoT malware
  • IoT security
  • user compliance on IoT notifications

Fingerprint

Dive into the research topics of 'User compliance and remediation success after IoT malware notifications'. Together they form a unique fingerprint.

Cite this