Cybercriminals taking steps to compromise Internet-enabled devices
‘We are going to see new threats that we’ve never seen before’
As you leave the office, your phone tells you that the next bus is 12 minutes away, and as you stroll to the bus stop, another message arrives. Your fridge reminds you that you’re running out of milk and to pick up a bottle from the supermarket. Not long after you board the bus, you receive another message – your home automation system recognises that you are on the way home, and asks if you’d like to start the air-conditioning.
Throughout the commute, your devices talk to you, reminding you of chores that need to be done and keeping track of your whereabouts.
If the above scenario sounds entirely possible, it’s thanks to ‘The Internet of Things’ (IoT), which kicked off 2014 with a bang. It is a new age of technology where devices are able to communicate via the Internet and proactively engage you throughout the day.
According to Gartner, the number of such devices will grow to 26 billion units in 2020, representing an almost 30-fold increase from 900 million in 2009. Although they promise a new era of convenience, these new devices also represent a treasure trove of opportunities for attackers to exploit, outside of their traditional targets.
We are now beginning to see cybercriminals take steps to compromise Internet-enabled devices and, in some instances, even compete to gain control of them.
We recently uncovered one of the first IoT threats, Linux.Darlloz. The worm seemed innocuous at discovery, as it sought to exploit an old vulnerability to gain administrative privileges and to propagate itself to other computers.
Researchers then discovered that the worm targeted a very specific set of hardware mostly found in IoT devices such as home routers, set-top boxes, security cameras and industrial control systems, leaving these devices vulnerable to attack at a time of the attacker’s choosing.
Beyond its ability to infect IoT devices, Darlloz is attention-grabbing because it is involved in a worm war with another threat known as Linux.Aidra. Darlloz checks whether a device is infected with Aidra and, if so, removes Aidra from the device to ensure that the attacker who seeded Darlloz has exclusive access to these compromised devices.
In another example of attacks targeting Internet-enabled devices, cybercriminals in Israel infiltrated a security camera system tied to the traffic infrastructure and brought traffic to a standstill – the first time for just 20 minutes, but the second time for a full eight hours.
Processing power and memory on these devices are limited, so a turf war over them, if its implications are to be believed, illustrates how Internet-enabled devices are valued by cybercriminals as a data collection point, or more maliciously, as a point of entry into the wider network.
The importance of flexible security solutions to deal with the increasing sophistication of these worms cannot be emphasised enough.
Another consideration is that companies manufacturing these devices do not realise that they may be facing such threats. These systems are vulnerable to attacks and also lack notification methods for consumers and businesses when vulnerabilities are discovered.
This is compounded by the fact that such devices do not have a user-friendly method for patching any vulnerabilities found. We discovered this with TRENDnet’s baby monitors, which the US Federal Trade Commission found to have faulty software that left them open to online viewing and listening by anyone with the camera’s Internet address.
What is notable about the TRENDnet incident is that the devices targeted were not infected with any form of malware, but rather their security configuration simply allowed anyone with a little know-how to access them.
Given the relative lack of security of these devices, sometimes down to the fault of the manufacturers, we are going to see new threats that we’ve never seen before.
That said, as we are faced with a new and potentially unfamiliar threat landscape, we should recognise that this offers us an opportunity to stay at the forefront of online security and provide solutions – from user authentication and end-point security to device management – to help make the Internet of Things a safe environment for users and the community at large.
Eric Hoh is vice president of the Asia South and Korea regions at Symantec, responsible for leading the regional teams in the Security and Availability lines for Symantec.