What are IOT Devices?
The Internet of Things (IoT) refers to something that most of us interact with every day, but may not realize. IoT is the network of everyday, physical objects that are equipped with Internet connectivity. The main goal of IoT devices is to collect and share data about the way they are used and the environment in which they function. They can be embedded with electronics, Internet connectivity, and other forms of hardware and can be remotely controlled and monitored. From smart refrigerators, to self-driving cars, to our fitness watches, the valuable information that these devices can track opens us up to some serious security and privacy concerns. Their pervasive presence is supposed to make life easier, but there is a darker side to these new emerging technologies--the weaponization of the Internet of Things.
Botnet and DDoS?
A Botnet is a group of IOT and traditional computing devices that have IP addresses and have been compromised. A botnet could be just two devices, or as much as Mirai; 600,000. A botnet then can be used in a DDoS or Distributed Denial-of-Service attack to overwhelm a system with a massive amount of data. This usually happens to web servers but can even bring down connectivity to large geographical areas like Mirai taking down US east coast connectivity. Essentially, a botnet performing a DDoS attack is like a bunch of zombies creating a road block between you and Illegal Pete’s on a Thursday night.
Organizations and people create botnets to perform DDoS attacks for a multitude of reasons. Companies perform attacks in order to shutdown competitor's E-commerce website. People can use DDoS attacks to keep a small or medium sized company’s website down, then demanding money to stop their attack. This is similar to the mafia ‘requesting’ money to ‘protect’ you. Another example of DDoS attacks is humorously, competitive online games to block their competitor's packets to the game's server so that they can gain a competitive advantage. There are many more examples here.
Can I make my devices secure?
As more and more of these devices make their way into our homes, cars, and businesses, the rush for convenience might leave security as a non-priority. Considering the serious security concerns surrounding Internet of Things devices, there are steps we can take to secure those devices. The following are our team’s top three tips for securing your Internet of Thing devices:
Make sure you have the latest firmware
Major companies prepare for security threats and patch the vulnerabilities that they become aware of. That being said, one must update their devices in order to receive those security updates, they are not just trying to stop your 12th binge of The Office. It is important to remember that there are lags between when vulnerabilities are discovered, and when they are patched. See the following to remain more secure during those times.
Disable Universal Plug and Play (UPnP)
Universal Plug and Play is a set of protocols and related technologies that allow devices to automatically discover one another. This feature, though convenient, serves as a gateway for hackers to infiltrate your IoT devices and network. According to Dan Goodin, “security experts are advising that a networking feature known as Universal Plug and Play be disabled on routers, printers, and cameras, after finding it makes tens of millions of Internet-connected devices vulnerable to serious attack”. If you want to avoid cyber criminals potentially discovering your devices from beyond your local network, simply disable UPnP completely.
Pick strong, unique passwords for every device
Strong passwords are not necessarily passwords with 6 characters, 1 uppercase, and 1 special character. Strong passwords or pass-pharases are generally supposed to be fairly large (12 characters or more), since brute-force password crackers take exponentially longer to hack with each additional character. Password managers such as LastPass are helpful for managing and creating large randomized passwords if you need help. Here is LastPass’s free password generator.
Questions
- Have you heard of IoT devices being used for cyber attacks before reading this post? Is so, in what context?
- How many IoT devices do you own and have you thought about securing them before?
- Do you use a password manager? If so, which one and why?
1) Yes, I believe that the more we are connected (IoT) the more likely we are to be vulnerable to cyber attacks. For instance in just my room I have my cell phone, alexa device, computer, television, gaming device all connected to one-another. Just compromising one of these devices would give an attacker any information related to my other connected products as IoT has become this web of personal data.
ReplyDelete2) The only IoT device I own, which I feel many college students also share is an Amazon Alexa device. I actually haven't even looked into any type of security regarding my device but after reading your article I plan on finding out how to do so.
3) I don't use any password managers myself but I do keep a list of my passwords available on my smartphone. Before anyone questions why I do this I can explain that I use a notation on my note sheet to describe what the username/passwords are without explicitly mentioning them. for example if I know my password is "Arizona", I would type out "pass: wildcat" or something related to that item. I definitely think it may be a good routine to look into password managers but prior to the article I didn't know how trust worthy some of these options were.
Hello!
ReplyDeleteI have heard about IOT devices being used in a cyber attack but it's not something that you hear a lot about. One of my coworkers was telling me about someone he knew who figured out how to connect to a insulin pump and wirelessly activate it and cause it to overdose the patient. I also have gone to talks that have talked about these sorts of vulnerabilities.
The only IOT device that I am currently using is my ChromeCast and I have not looked into securing that.
I do, I use lastpass. I was told that was a good one and the primary reason I use it is to keep track of the 20+ passwords I have.