{"updated":"2025-01-19T17:36:16.428893+00:00","links":{},"id":212099,"created":"2025-01-19T01:13:07.090743+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00212099","sets":["1164:3925:10503:10641"]},"path":["10641"],"owner":"44499","recid":"212099","title":["ID/Password設定に不備のあるIoT機器におけるマルウェア感染可能性の大規模調査"],"pubdate":{"attribute_name":"公開日","attribute_value":"2021-07-12"},"_buckets":{"deposit":"a9dd868e-6ee3-45a9-905d-94a02b918b88"},"_deposit":{"id":"212099","pid":{"type":"depid","value":"212099","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"ID/Password設定に不備のあるIoT機器におけるマルウェア感染可能性の大規模調査","author_link":["540266","540265","540262","540261","540263","540264"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"ID/Password設定に不備のあるIoT機器におけるマルウェア感染可能性の大規模調査"},{"subitem_title":"A Large-scale Investigation into the Possibility of Malware Infection of IoT Devices with Weak Credentials","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"EMM/ICSS","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2021-07-12","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"国立研究開発法人情報通信研究機構"},{"subitem_text_value":"国立研究開発法人情報通信研究機構"},{"subitem_text_value":"国立研究開発法人情報通信研究機構"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":" National Institute of Information and Communications Technology","subitem_text_language":"en"},{"subitem_text_value":" National Institute of Information and Communications Technology","subitem_text_language":"en"},{"subitem_text_value":" National Institute of Information and Communications Technology","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/212099/files/IPSJ-CSEC21094034.pdf","label":"IPSJ-CSEC21094034.pdf"},"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-CSEC21094034.pdf","filesize":[{"value":"2.3 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_login","version_id":"3912d888-8fc9-463e-9283-3687714b80c3","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2021 by the Institute of Electronics, Information and Communication Engineers This SIG report is only available to those in membership of the SIG."}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"村上, 洸介"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"笠間, 貴弘"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"井上, 大介"}],"nameIdentifiers":[{}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Kosuke, Murakami","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Takahiro, Kasama","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Daisuke, Inoue","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA11235941","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8655","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"Mirai の登場以降，Telnet や SSH サービス等がインターネットからアクセス可能かつ ID/Password 設定の強度が不十分である IoT 機器がマルウェアに感染する事例が多発している．Mirai を含む IoT マルウェアの中には，感染後に当該機器が他のマルウェアに感染するのを阻止する目的で Telnet 等へのアクセスを禁止するものが存在するが，日本国内においてもインターネット側から Telnet サービスへアクセス可能な機器は数万台規模で未だ存在してい る．この事実は，それらの機器が適切なパスワード設定によってマルウェア感染を回避しており，サイバー攻撃の踏み台として悪用されないことを示すのだろうか？ 我々は日本国内のパスワード設定に不備のある IoT 機器に対する調査プロジェクト NOTICE を 2019 年 2 月より開始した．本稿では，NOTICE プロジェクトの調査結果と大規模ダークネットの観測結果より，パスワード設定に不備のある IoT 機器のマルウェア感染状況を分析すると共に，マルウェア非感染の要因や当該機器がサイバー攻撃へ悪用されるリスクを明らかにする．","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Since the outbreak of IoT malware \"Mirai\", there have been a number of incidents in which IoT devices whose Telnet and SSH services are accessible from the Internet and whose ID/Password settings are not strong enough have been infected with malware. Some IoT malware, including Mirai, prohibit access to Telnet and other services in order to prevent the devices from being infected by other malware after own infection. However, there are still tens of thousands of devices that can access Telnet services from the Internet in Japan. Does this fact indicate that these devices can avoid malware infection by setting strength passwords, and thus cannot be used as a stepping stone for cyber attacks? In February 2019, we launched the NOTICE project to investigate IoT devices with weak credentials in Japan. In this paper, we analyze the results of the NOTICE project and the results of the large-scale darknet monitoring to reveal whether IoT devices with weak credentials are actually infected with malware or not. We also analyze the IoT devices with weak credentials to find out the factors that prevent these devices from being infected with malware and clarify the risk of them being exploited for cyber attacks.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"6","bibliographic_titles":[{"bibliographic_title":"研究報告コンピュータセキュリティ（CSEC）"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2021-07-12","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"34","bibliographicVolumeNumber":"2021-CSEC-94"}]},"relation_version_is_last":true,"weko_creator_id":"44499"}}