IoT Verse
Published by: Albert Gibosse – Blue Label Weekly Magazine
IoT devices are special-purpose devices that, most likely, connect wirelessly to a network and transmit and receive data over that wireless connection in order to monitor or control one or many devices (things).
The key characteristics that make IoT devices work include sensors for data acquisition and monitoring, actuators – the physical interface – to control the thing(s) (a smart thermostat, the dimmer switch in a smart light bulb, or the gear motors in a robotic vacuum cleaner), and data processing and storage.
Moreover, IoT devices are also equipped to process sensor data, store that data locally, and provide the computing power that makes the device operate.
Although security is the biggest problem with IoT devices, it is the last thing that is considered in the device’s development lifecycle. However, there are lots of manufacturers out there who build pricier and more secure devices.
Having IoT devices both at home and on your corporate network means that your devices are widely exposed to malware attacks. In fact, your devices might have already been attacked or compromised while you are not aware of it. If you modify your firewall to enable port forwarding so that your devices can be conveniently monitored and controlled from anywhere on the internet, they are widely exposed to the internet.
Many IoT home security devices tested were found to have substantial vulnerabilities, including weak passwords, lack of encryption when devices communicate over the network, and account enumeration (using the password reset feature to find valid user account IDs). All of the tested devices are likely to be a part of any smart home today: smart TVs, home thermostats, webcams, smart locks, and beyond.
The firmware and/or onboard software that runs an IoT device sit between the hardware and the outside world, and fall into one of two categories: embedded firmware or operating system-based (OS-based) firmware.
IoT devices most often communicate wirelessly, using a direct 802.11 Wi-Fi connection to your router, which means they can be anywhere in your home or enterprise. The communication needs of the device change depending on how it is designed to work.
As some IoT devices (also known as headless devices) do not have built-in user interaction hardware, such as a touch screen, one way to configure these devices is to use Wi-Fi Protected Setup (WPS) by pressing the WPS button on your IoT device and pressing the WPS button on the router to establish a connection.
Other devices create a Wi-Fi access point to which you can connect by using your smartphone to access a setup program where you enter your Wi-Fi network credentials. Yet other devices, like gateways, are provisioned using the pairing mode. To pair, you follow the device-specific instructions to put the devices in pairing mode so that they can connect to the gateway.
Once your devices are connected to the network, you can monitor and manage them either through a
smartphone or through an interface connected to a cloud service.
Other devices like CCTV security cameras have dedicated IP addresses and connect directly to the
internet. These devices are accessed directly over the internet, bypassing the need for a cloud service
provider or gateway.
Many malware attacks are designed to test the defenses of the target by employing multiple attack vectors to exhaust all of its defenses in the process. Most of these attacks are characteristic of clever and resourceful hackers.
The attack vectors
Weak passwords and backdoors
Some manufacturers emphasize easy setup and use for end users who are often not technically savvy, and want automatic software upgrades and support, so they provide some simple way to log in to the device, like a single userid/password combination. Oftentimes, these users leave the device’s login credentials unchanged.
Unfortunately, security features like encryption, which can secure data over the network, are often overlooked or not even considered by some manufacturers. Likewise, many IoT devices do not support encryption.
Being on the Internet and accepting incoming traffic, devices are exposed and will come under attack. Most IoT devices already have little or no security and are particularly susceptible to attack.
The attack: Scan and takeover
As it sounds, a scan and takeover attack consists of two phases: the scan and takeover phase and the attack launch phase, which are executed by a Command and Control (CNC) program. After the IoT device attack, the device is taken over and bent to the hacker’s will.
The CNC program is a malicious program that scans IP addresses on the internet looking for hosts with open ports and, if a port is found open, attempts to log in using a set of known default userid/password combinations (for example, admin/admin, root/admin, user/user, and so forth). If successful, a script runs and reports the device’s IP address, along with the login credentials to use, and subsequently pushes to the device the malware that it needs to run the attack. The device is now controlled and waits for the actual attack to take place.
While the device’s owner is unaware of what is going on, the attack continues as other devices are taken over and referred to as bots. These types of attacks are usually used either for DDoS attacks (crippling the target host(s) by sending so much HTTP and other traffic that they cannot handle it) or for spam bots.
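As an added example (not part of the original article), the following Python code shows how a defender could spot the login phase described above in a device's authentication log: one source cycling through default usernames, then a default account logging in. The log format, the 60-second window and the threshold are assumptions constructed for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Usernames from the default pairs the article lists (admin/admin, root/admin, user/user).
DEFAULT_USERS = {"admin", "root", "user"}
WINDOW = timedelta(seconds=60)   # assumed look-back window
MIN_USERS = 2                    # distinct default usernames that count as a sweep

# Assumed log format, constructed for this example.
LINE = re.compile(r"^(\S+) login result=(OK|FAIL) user=(\S+) src=(\S+)$")

# Constructed sample log (documentation IP ranges).
SAMPLE_LOG = """\
2024-05-01T03:12:01 login result=FAIL user=admin src=203.0.113.7
2024-05-01T03:12:02 login result=FAIL user=user src=203.0.113.7
2024-05-01T03:12:04 login result=OK user=root src=203.0.113.7
2024-05-01T08:30:00 login result=FAIL user=alice src=198.51.100.20
2024-05-01T08:30:09 login result=OK user=alice src=198.51.100.20
2024-05-01T09:00:00 login result=FAIL user=admin src=192.0.2.44
2024-05-01T09:00:01 login result=FAIL user=root src=192.0.2.44
"""

def detect(log_text):
    """Return {src: "sweep" | "takeover"} for sources cycling default accounts."""
    recent = defaultdict(list)   # src -> [(time, user)] of failed default-user logins
    alerts = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue             # skip lines that are not login events
        ts, result, user, src = m.groups()
        ts = datetime.fromisoformat(ts)
        # Forget failures that fell out of the look-back window.
        recent[src] = [(t, u) for t, u in recent[src] if ts - t <= WINDOW]
        if result == "FAIL":
            if user in DEFAULT_USERS:
                recent[src].append((ts, user))
            if len({u for _, u in recent[src]}) >= MIN_USERS:
                alerts.setdefault(src, "sweep")
        elif user in DEFAULT_USERS and recent[src]:
            # A default account logged in right after failed default guesses.
            alerts[src] = "takeover"
    return alerts

if __name__ == "__main__":
    for src, kind in detect(SAMPLE_LOG).items():
        print(src, kind)
```

A "takeover" result means the device should be treated as compromised and its credentials changed; a "sweep" result means the device is reachable and being probed.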
Protecting your IoT devices
Always change default passwords
When you provision a new device, go into the management interface and change the password. If there is not a way to do this, and you plan to expose the device to the internet, consider using a device that allows you to. Likewise, remove devices with telnet backdoors.
Run regular port scans on all your devices
There are multiple scanners out there that you can run yourself.
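As an added example (not from the original article), this Python code audits an inventory of your own devices for listening management ports and flags telnet for removal, as advised above. The inventory names and addresses are hypothetical, and the port list other than telnet (23) is an assumption of this example.

```python
import socket

# Ports to audit. 23 is telnet, which the article says to remove; the
# others are assumptions for this example (common management services).
AUDIT_PORTS = {22: "ssh", 23: "telnet", 80: "http", 443: "https"}

# Hypothetical inventory of devices you own (private addresses, constructed).
INVENTORY = {"thermostat": "192.168.1.40", "camera": "192.168.1.41"}

def port_open(host, port, timeout=0.5):
    """True if a TCP connection to host:port is accepted within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:              # refused, timed out or unreachable
        return False

def audit(inventory, ports=AUDIT_PORTS, probe=port_open):
    """Return {device: [(port, service), ...]} for every audited port that listens."""
    report = {}
    for name, host in inventory.items():
        found = [(p, svc) for p, svc in sorted(ports.items()) if probe(host, p)]
        if found:
            report[name] = found
    return report

def findings(report):
    """Turn the raw report into review items; telnet is always flagged for removal."""
    items = []
    for name, found in sorted(report.items()):
        for port, svc in found:
            if svc == "telnet":
                action = "remove or replace the device"
            else:
                action = "confirm it is needed and not port-forwarded"
            items.append(f"{name}: {svc}/{port} open -> {action}")
    return items

if __name__ == "__main__":
    for line in findings(audit(INVENTORY)):
        print(line)
```

Run it from inside the network for the local view, and compare against a check of your public address to see which services port forwarding has exposed.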
(For assistance, please contact us: InternetOfThings@Bluelabelweekly.com)