The Internet of Things and how your doorbell might just be attacking Amazon

We hear a lot about the Internet of Things (IoT) on the web nowadays and the TV is full of adverts for Central heating systems that you can control from your smartphone or tablet. There are Wifi enabled doorbells that contact you on your phone when the postman is leaving you a package at home and IoT light bulbs and power sockets can be bought at your local DIY store nowadays too. It looks as though this is mainstream now, and not just for us techie blokes who like something new to talk about in the pub.

The big unanswered question at the moment is how safe are these things? There have been some horror stories about Wifi enabled Baby monitors exposing images of sleeping children to the world and the most recent case of the Mirai malware found on IoT devices demonstrates just how susceptible any internet connected device can be to exploit. In the Mirai case, malware was deployed to various devices globally but it seems that a large proportion of them may have been IoT devices. The malware was responsible for a huge Distributed Denial of Service Attack (DDoS) aimed at the domain name server, Dyn on October 21st. This in turn disrupted services as far and wide as Amazon, Netflix, Paypal, Twitter and Github…serious stuff then, but how on earth did this happen?
To the average user, these IoT devices are just appliances that you plug in and forget about, so how could they be developed into a threat? Well, by their very nature, they are not to be thought of in the same way that I think about my good old fashioned Duallit Toaster. These devices are intelligent and programmable and can be susceptible to malware in the same way as your desktop computer. The same security precautions should be taken to ensure that they do not pose a threat.

 

The Mirai Malware turns the infected device into a member of Botnet, a collection of devices that can communicate with one another for various means, (the word Botnet is derived from the words Robotic and Network.) This piece of malware has been responsible for several DDoS attacks in the last 12 months but the attack of the 21st Oct seems to have been the most significant in size. It would appear that the number of IoT devices that are becoming infected is on the increase and there is strength in numbers – in fact, Botnets rely on this.

So, what can be done? Well, it is often hard to tell if your Webcam or Doorbell has become infected as it still operates as normal. It might get a bit temperamental at times, (but don’t we all). It is important however to ensure that the firmware is updated regularly and that any default passwords and accounts are removed upon installation. The Malware checks for open default accounts and utilises these to gain control of the device. It has been the advice of many security experts over the years but now it really does hit home – Remove any default accounts and passwords from any device before you intend to use it and check that the firmware is kept up to date. It might go against the grain to patch your doorbell or your webcam but it might just be possible that it is launching at attack on a global website, whilst you sip your coffee……food for thought indeed!

Information Security Consultant, SRM's Principal PCI DSS QSA and Payment Card Industry expert, Paul B is a regular contributor to the SRM blog.

Posted 1 year ago on · Permalink