By Paul Fletcher, Alert Logic
The “Internet of Things” (IoT) is a broadly accepted term which basically describes any Internet-connected devices (usually via Wi-Fi) that isn’t a traditional computer system. These connected, IoT devices offer many conveniences for everyday life. Also, it’s difficult to remember how life was before you could check email, weather and stream live video using a smart TV. It’s now considered commonplace for a smart refrigerator to send you a text every morning with an updated shopping list. We can monitor and manage the lights, thermostat, doors, locks and web cameras from wherever we may roam, thanks to smartphone apps and the proliferation of our connected devices.
With this added convenience comes a larger digital footprint, which makes for a larger target for attackers to discover other systems on your network, steal data or seize control of your DVR. The hacker community is just getting warmed up in regards to attacking IoT devices. There are a lot of fun things hackers can do with vulnerable connected devices and/or “smart” homes. The early attacks were just about exploring, hackers would simulate ghosts by having all the lights in the house go on and off in a pattern, turn the heater on during the summer and the air conditioning in the winter or make the food inside the fridge go bad with the change of a few temperature levels.
The current IoT security threat landscape has grown more sophisticated recently and we’ve seen some significant attacks. The most impactful IoT-based cyber attack happened on Oct. 21, 2016, when a hacker group activated 10% of their IoTBotNet, with malware called “Mirai.” Approximately 50,000 web cameras and DVR systems launched a massive DDoS attack on the Dyn DNS Service, disrupting Internet services for companies like Spotify, Twitter, Github and others for more than 8 hours. The attackers only used 10% of the 500,000 DVR’s and Web Camera’s infected by the malware, but cause monetary damage to customers of the Dyn DNS service. A few months later, attackers launched a new IoT-specific malware called “Persirai” that infected over 100,000 web cameras. This new malware comes complete with a sleek detection avoidance feature. Once the malware executes on the web cam it only runs in the RAM memory space and deletes the original infection file, making it extremely difficult to detect.
The plain, cold truth is that most IoT manufacturers use stripped down versions of the Linux (and possibly Android) operating system, because the OS requires minimal system resources to operate. ALL IoT devices have some version of an operating system and are therefore; “lightweight” computers. Since most IoT devices are running some form of Linux or Android operating system, this means that they have vulnerabilities that are researched and discovered on an on-going basis. So, yes, it’s possible that you may have to install a security patch for your refrigerator or coffee maker.
Special-purpose computer systems with customized versions of operating systems have been around for decades. The best example of this is old school arcade games or early gaming consoles. The difference today is that these devices now come with fast, easy connectivity to your internal network and the Internet. Most IoT manufacturers don’t protect the underlying operating system on their “smart” devices and consumers shouldn’t assume it’s safe to connect a new device to their network. Both Mirai and Persirai compromised IoT devices using simple methods like default usernames and passwords. Some manufacturers feel like their devices are so “lightweight” that their limited computing resources (hard drive, RAM etc.) wouldn’t be worth hacking, because they wouldn’t provide much firepower for an attacker. The hacking community repeatedly prove that they are interested in ANY resource (regardless of capacity) they can leverage.
When an IoT device is first connected to your network (either home or office), it will usually try to “call home” for software updates and/or security patches. It’s highly recommended that all IoT devices be placed on an isolated network segment and blocked from the enterprise or high valued home computer systems. It’s also recommended to monitor all outbound Internet traffic from your “IoT” network segment to discern a baseline of “normal” behavior. This helps you better understand the network traffic generated from your IoT devices and any “abnormal” behavior could help discover a potential attack.
Remember “hackers gonna hack,” meaning the threat is 24/7. IoT devices need good computer security hygiene, just like your laptop, smartphone and tablet. Make sure you use unique and easily remembered passwords and make sure to rotate all passwords regularly. Confirm that all of your systems are using the la patches and upgrades for better functionality and security. After patches are applied, validate your security settings haven’t been changed back to the default settings.
IoT devices are very convenient and manufacturers are getting better at security, but with the ever-changing IoT threat landscape we can expect to see more impactful and sophisticated attack in the near future. The daily burden of relevant operational security for an organization or household is no easy task and IoT devices are just one of the many threats that require on-going monitoring. It’s highly recommended that IoT cyber threats be incorporated into a defense in depth strategy as a holistic approach to cyber security.
Learn more about 2nd Watch Managed Cloud Security and how our partnership with Alert Logic can ensure your environment’s security.
Blog Contributed by 2nd Watch Cloud Security Partner, Alert Logic