The Internet reshapes the way we communicate with each other and how we interact with real-life objects. As we are gradually developing into real-life cyborgs, manufacturers go out of their way to entertain even the darkest of desires. Few can imagine life without their favorite personal assistant that syncs the time they wake up to the perfect morning coffee at the right temperature.
The product pool opportunity for connected devices is mind-blowing, integrating almost any gadget, from pet feeders to baby monitors, talking dolls, wearables, cars and even adult toys. The Internet of Things has even made it into power grids, traffic sensors, medical devices and pacemakers. What happens when they are infected with ransomware and hackers get full control?
Ransomware has been around for a long time, terrifying users with threats to encrypt and destroy their data unless a decryption fee is paid. IoT ransomware is a new breed of malware that, for some reason, hasn’t raised as much concern among manufacturers and users. From miles away, hackers can infect a device with ransomware and then instantly spread it across the entire network.
The outcome of a massive ransomware infection of connected devices could cost data and money, and even worse if it targets, for example, the healthcare industry. But we have to look at the bigger picture. The issue is not only about hackers breaching baby monitors to listen to family talks, but also about connected devices becoming next-gen weapons for cyber terrorism. The US government has already expressed national security concerns about the issue.
Some would say it’s easier to get rid of ransomware when IoT devices are involved; a simple reset or update might do the trick. That’s not necessarily false, but it’s not entirely true either. Chances that an IoT device that prematurely reached the shelf will receive software updates are limited because manufacturers still don’t incorporate security from the design stage.
Many homes have over 12 IoT devices connected to the same network, communicating with each other. Realistically, we’re looking at many security vulnerabilities due to the sheer number of entry points and the lack of patching and hardening.
Hackers are smart individuals who excel at making it impossible for victims to remove the malware without getting their way first. They can turn connected devices into ransomware attack vectors that in turn exploit other devices, leading to a snowball effect. As a short recap, some common vectors are system vulnerabilities, phishing, propagation through an infected network or shared services and social media.
The Internet of Things has turned into the “Dennis the Menace” of cyber security, but everyone still wants a piece of the pie. Especially the hackers, who are not necessarily in it for the money alone, but often to sabotage communities by reprocessing devices as well.
What’s scary about IoT devices is that the vulnerabilities make it very easy for hackers to break them remotely. Security researchers investigating vulnerabilities in power outlets proved that criminals on the other side of the world can easily bypass NAT limitations.
Network attached storage devices in households or in public institutions have been hit multiple times by ransomware. For home users, this may mean that their pictures and other precious memories are gone forever, thus defeating the whole purpose of a network attached device; for governments, a ransomware attack against storage devices can block everything, sending citizens back into the Middle Ages. And this happened increasingly often throughout 2017, when cross-breed, extremely viral ransomware such as WannaCry or GoldenEye hit the world.
Millions of IoT devices are vulnerable to attacks
Around this time last year, we also witnessed the first massive DDoS attack on Dyn DNS, caused by an IoT botnet made up of cameras and DVRs. The attack involved millions of IP addresses and affected not only major tech companies like Netflix, Spotify, Twitter and Github, but also governments; and that was only the beginning.
When Mirai malware surfaced, it blew security experts away, as it created an IoT botnet that generated one of the largest cyberattacks, hitting 177 countries. What would happen in case of a ransomware infection? Hackers could paralyze devices in a chain reaction and, in seconds, induce traffic accidents, power outages, malfunction of aircraft and medical devices; destroy infrastructures that cost millions to implement and countless tedious work hours to ensure functionality.
After the author released the code, an open port allowed the corruption of 900,000 home routers with Mirai malware, leaving 1 million users in Europe offline following a massive attack on German internet provider Deutsche Telekom. The open port made it easy for hackers to exploit the DSL routers, affecting 5 percent of the company’s 20 million clients. Subsequently, 41 million other connected devices were found to have the same service port open!
Security agents can’t be installed on IoT devices, so we’re looking at an overly targeted landscape. Choosing to live in a smart home, equipped with a smart fridge, DVRs, fitness trackers, smart thermostats and sockets, comes with the responsibility of taking all the necessary steps to ensure your home is safe.
- Don’t use default, easy-to-guess passwords. “Admin,” “123456,” “root,” “password,” “guest” or personally identifiable information must never be used to secure a device or an account. Always go for strong, unique passwords. Using them for multiple accounts is an absolute no-no.
- Regularly check for device updates and security patches, and run them as soon as they are available.
- Don’t click on suspicious URLs and don’t download attachments or software from unknown sources. Once a device is infected, it will corrupt all the machines it communicates with and, implicitly, the entire infrastructure.
- Set up network zones specifically for IoT systems and isolate them from public or unsecured networks.
- Install a universal security solution that protects the network and scans for malware attacks across the network.