Insecurity of Things

|November 30, 2016 0
How home networks are opening backdoors for hackers

Atul Anchan

The Internet of Things (IoT) provides us with an ever-expanding convenience, inter-connecting nearly every aspect of our daily lives. By 2020, Gartner estimates there will be nearly 21 billion connected Internet of Things (IoT) devices worldwide.

Hence, it is no understatement when we say that we can connect to our homes and workplace—and points between—to track our workouts, navigate maps, sync to-do and shopping lists with others (and our home refrigerators!), and even check to see who’s ringing our doorbell when we’re away from home.

Insecurity of Things?

We are producing more data than ever, and thus our data and privacy are increasingly at risk. According to Symantec’s Internet Security Threat Report (ISTR),over the last year, Symantec has seen an increase in proof-of-concept attacks on devices like the Smart TV and Smart watches. In numerous cases, the vulnerabilities were obvious and all too easy to exploit.

IoT devices often lack stringent security measures, and some attackers can exploit vulnerabilities in the operating systems found in these devices and routers. IoT devices are a prime target, since they are designed to be plugged in and forgotten after basic set-up. The most common passwords IoT malware used to attempt to log into devices was, unsurprisingly, the combination of ‘root’ and ‘admin’, indicating that default passwords are never frequently changed.

Atul A, Symantec

Atul A, Symantec

 

In fact, Norton’s Cybersecurity Insights Report 2016 highlighted that connected homes are coming but there is a massive knowledge gap to overcome if hackers are going to stay out of people’s homes. 65 per cent of Indian consumers surveyed don’t believe there are enough connected device users for it to be a worthwhile target for hackers and a whopping 80 per cent think that the devices are designed with online security in mind which is far from true.

Further, 68 per cent believe that just as hackers learnt to benefit from targeting social media and financial accounts, they are on their way to learning how accessing connected home devices can be lucrative.

IoT devices being increasingly used for DDoS attacks

Malware targeting the Internet of Things (IoT) has come of age and the number of attack groups focusing on IoT has multiplied. Symantec’s Security Response team has discovered that cybercriminals are hijacking home networks and everyday consumer connected devices to help carry out distributed denial of service (DDoS) attacks on more profitable targets, usually large companies.

To succeed, they need cheap bandwidth and get it by stitching together a large web of consumer devices that are easy to infect because they lack sophisticated security. Most IoT malware targets non-PC embedded devices such as web servers, routers, modems, network attached storage (NAS) devices, closed-circuit television (CCTV) systems, and industrial control systems. Many are Internet-accessible but, because of their operating system and processing power limitations, they may not include any advanced security features. The current IoT threat landscape shows that it does not require much to exploit an embedded device.

Staying protected

• Research the capabilities and security features of an IoT device before purchase
• Perform an audit of IoT devices used on your network
• When installing a new network-connected device, such as a router or smart thermostat, remember to change the default password. Use strong and unique passwords for device accounts and Wi-Fi networks. Don’t use common or easily guessable passwords such as “123456” or “password”
• Protect your wireless connections with strong Wi-Fi encryption so no one can easily view the data traveling between your devices.
• Many devices come with a variety of services enabled by default. Disable features and services that are not required
• Disable Telnet login and use SSH where possible
• Modify the default privacy and security settings of IoT devices as per your requirements and security policy
• Disable or protect remote access to IoT devices when not needed
• Use wired connections instead of wireless where possible
• Regularly check the manufacturer’s website for firmware updates
• Ensure that a hardware outage does not result in an unsecure state of the device

The Internet of Things is changing the landscape of privacy and security every day. Given the current poor state of security on connected devices, it will present an increasingly attractive opportunity to the cybercriminals who in the same way like burglars prefer houses without alarms or resident dogs.

(Atul Anchan is Director- Systems Engineering, India at Symantec. Views expressed here are of the author and CyberMedia does not necessarily endorse them.)

No Comments so fars

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.