IoTLS 2.0: How Far Has IoT Industry Come in Securing Communications with TLS?

Transport Layer Security (TLS) is commonly used to secure communications over the Internet. However, since the rise of Internet of Things (IoT) devices, there have been concerns regarding the security practices adopted in the development of these devices. In particular, the study IoTLS (IMC'21) analyzed TLS practices in consumer IoT devices and revealed widespread use of insecure protocol versions, weak cipher suites, and improper certificate validation.

Our work reproduces the IoTLS analysis on a new set of 22 comparable consumer IoT devices to assess the advancement of security practices five years later. Our findings indicate significant improvements; for example, support for deprecated TLS versions has decreased from 45% to 9.1%. However, insecure configurations remain prevalent: 86.4% of devices still accept weak cipher suites. These results indicate that while manufacturers have made progress in adopting secure TLS practices, further efforts are needed to achieve a consistently secure IoT landscape.