Silent Threats Inside IoT Devices

As more and more smart devices are installed in homes, all these cheap connected devices bring new security issues to the entire family and society. This problem is becoming increasingly complex as companies are significantly increasing the number of sensors and remote monitors used to manage office environments and detailed manufacturing processes in factories. At the same time, governments are also getting involved – especially cities, aiming to use new technologies to improve energy efficiency, reduce traffic congestion, and enhance air and water quality.

The number of these “IoT” devices is climbing to tens of billions. They are creating a connected world that has the potential to make people’s lives more enjoyable, productive, secure, and efficient. However, these identical devices, many of which are not truly secured, are becoming part of so-called “botnets”, vast networks of small computers that can easily be hijacked by hackers.

Botnets pose significant problems for the internet, ranging from sending massive amounts of spam to disrupting the operation of websites around the world. Traditionally, most botnets were composed of laptops and desktop computers, but the growth of unsecured devices such as industrial sensors, network cameras, televisions, and other smart home devices has greatly enhanced their destructive capabilities.

The IoT includes countless types of devices manufactured by numerous companies – network cameras, pressure sensors, thermometers, microphones, speakers, plush toys, and more. Many of these manufacturers are small and unknown, lacking popular brands or public reputations to protect. Their goal is to produce as many devices as cheaply as possible, and customer cybersecurity is not their primary concern.

The diversity of these devices means they are useful for many things, but it also means they have a wide range of vulnerabilities. These include weak passwords, unencrypted communications, and insecure network interfaces. Thousands or even hundreds of thousands of similarly unsecured devices are scattered around the world, making them ripe targets for hackers.

For example, if a manufacturer sets an unchangeable administrative password on a specific type of device (a situation more common than you might think), hackers can run a program to search the internet for these devices, then log in, take control, and install their own malware, recruiting that device into the botnet army. These devices function normally until hackers issue commands, at which point they can do anything a computer can do – such as sending meaningless internet traffic to clog data connections.

When such an attack is launched simultaneously from thousands of devices, it is called a “Distributed Denial of Service (DDoS)”, which can cause a company’s servers to crash or even prevent the public from accessing a wide range of internet sites. A major DDoS attack in 2016 caused websites along the U.S. East Coast to collectively go down, preventing numerous well-known sites like Twitter, Tumblr, Netflix, Amazon, Shopify, Reddit, Airbnb, PayPal, and Yelp from functioning.

This attack was related to a botnet control software program created by three teenagers who sought to gain a competitive advantage over other players in the “Minecraft” online video game by leveraging over 100,000 hijacked network cameras and other connected devices from around the world.

The scale and scope of these attacks, as well as the variety of devices that could be impacted, make this both a private issue and a public concern.

If hackers flood the internet or parts of it with meaningless information, all of this activity could drown out legitimate communications. Traffic between towns, and even counties, could come to a standstill, making it difficult for police to communicate with each other. Even thousands of small devices around the world could work together and create a massive impact in both the networked and physical worlds.

Author | Charles T. Harry

Translator | Jiao Yang

Source | IoT Home Network