TORCHLIGHT is a novel detection framework that uncovered malicious Tor network traffic targeting vulnerable IoT devices that operate without cloud intermediaries.

• Discovered substantial attack traffic coming through Tor specifically targeting cloudless IoT devices
• Identified attackers leveraging Tor's anonymity to exploit undisclosed vulnerabilities potentially acquired from underground markets
• Developed mechanisms to detect and analyze malicious traffic patterns targeting IoT systems
• Found evidence of attackers targeting zero-day exploits in consumer and industrial IoT equipment

This research matters because cloudless IoT architectures are increasingly popular but introduce new security risks when devices are directly exposed to the internet without proper protection mechanisms.

TORCHLIGHT: Shedding LIGHT on Real-World Attacks on Cloudless IoT Devices Concealed within the Tor Network