Shutting Out Cybercriminals by Making IoT Devices Hard to Hunt

Shutting Out Cybercriminals by Making IoT Devices Hard to Hunt

To hunt prey, predators must first scope out the target’s surroundings and everyday activity— something cybercriminals are all too familiar with when it comes to hacking connected/IoT (Internet of Things) devices in the home. While it’s tough to pinpoint which specific devices are the least secure, hackers are clearly targeting a specific segment of products more than others: mass-produced, consumer, seemingly “innocent” gadgets. In the past year alone, we’ve seen attacks on smart teddy bears, doorbells, and even fish tanks. These types of common, everyday household items are primarily designed with convenience or style in mind, while security is often an afterthought. Attacks on IoT devices in the home can not only lead to invasions of personal privacy, but ultimately impact communications service providers (CSPs) and IoT vendor.   Picking off the weak In the recent Satori IoT botnet cyber-attack, we have seen a rapid evolution in sophistication of attacks where — instead of run of the mill known vulnerabilities— a zero day attack was used for penetration of IoT devices. The attack managed to “zombify” some 500K-700K Huawei routers, opening them up to be used as the attacker pleases (Botnets, exposing the vendor and household to ransomware crypto-mining and many other exploitations that can benefit the attacker and severely impact both consumer and vendor). In Finland, a DDoS IoT-based attack held several residential complexes hostage without heat until a ransom was paid.

Attacking home IoT devices is like shooting fish in a barrel for cybercriminals. If these devices aren’t properly manufactured with baked-in security, not only does it increase the privacy and personal safety risk to consumers, but it can also become costly for the IoT device vendors and manufacturers left to pay ransom and replace thousands, if not millions, of compromised devices (not to mention the reputational damage to the vendor). With little effort, cybercriminals can achieve big gains.

Contributing factors that lead to devices unwillingly participating in breaches vary. If a device hasn’t been updated or properly manufactured, cybercriminals can sniff out the weaknesses. For example, the Reaper attack that created IoT botnets used nine known weaknesses, some of which had been around since 2013. By not updating IoT devices or personal passwords, consumers are practically inviting cybercriminals to hack into their systems. The challenge is that most consumers won’t bother or don’t know how to update their connected devices’ firmware to protect them from the latest sophisticated attacks. And many are simply unaware of the necessity of practicing good password habits.

Read more…

 

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top