Internet of Things (IoT) devices can be controlled through apps and the internet. We can control the Xiaomi Yeelight, a light bulb that is an IoT device, through an app to change its colors and light intensity. Similarly, cars can communicate with garage doors to open them, and a thermostat can adjust room temperature by sensing how close a person is. In a nutshell, these devices can communicate with each other to help their users.
These devices are making their way to Nepal, and their popularity is gradually increasing.
IoT devices are assigned IP addresses so that they can transfer data from one device to another over any network. But this is exactly what makes them vulnerable. A report states that over 70% of IoT devices have vulnerabilities such as Insecure Web Interface, Insecure Network services, Privacy concerns, Insecure Cloud Interface, Insecure Mobile Interface, Insecure Firmware, etc.
These vulnerabilities allow hackers and government agencies to take control of connected devices for any purpose. And given people’s dependence on IoT devices, they are slowly losing the ability to make them secure.
Brian Krebs, a reporter at Krebs on Security, was a recent victim of a DDoS attack. DDoS, or Distributed Denial-of-Service (per Urban Dictionary), is a form of electronic attack involving multiple computers, which send repeated HTTP requests or pings to a server to load it down and make it inaccessible for a period.
That attack wasn’t just a normal DDoS attack. It was measured at 620 Gigabits per second, and Krebs said, “many orders of magnitude more traffic than is typically needed to knock most sites offline.”
What attacked Brian Krebs wasn’t just a group of hackers. It was something different. All this was done by a botnet, an unusual and powerful one. Hundreds of thousands of devices (routers, IP cameras, Digital Video Recorders (DVRs), laptops and computers, printers, etc.) connected to his IP address and were used to send a huge volume of data.
[Kaspersky defines botnet as: ‘an interconnected network of computers infected with malware without the user’s knowledge and controlled by cybercriminals. They’re typically used to send spam emails, transmit viruses and engage in other acts of cybercrime. Sometimes known as a zombie army, botnets are often considered one of the biggest online threats today.’]
The botnet used in this attack is “Mirai”. It scans the internet for connected devices that still use their default username and password. Take a Linux computer as an example. Mirai can easily log in to the computer if its username and password haven’t been changed from ‘root’. Or if anyone uses an Internet Protocol camera with the username ‘admin’ and the password ‘password’ itself, Mirai can easily find the credentials and add the device to the botnet.
How does Mirai work?
First, Mirai scans for IoT devices and then attempts to log in to these devices using different login credentials. If it succeeds, those devices are added to the Mirai botnet. With billions of devices connected to the internet, the possibility of Mirai bypassing login credentials is significant.
Talking about Mirai, Rob Simon, a senior security consultant at TrustedSec, said, “This is the big thing they used to create that botnet.” “There are 50 or so known types of devices, and they’re listening on telnet port 23, and they have the credentials. You just copy over the code to run on that device, it connects back to a control center, and from there it just waits for your commands. Once all connected, about 380,000 devices are connected at once. You send a command to all of them to go load a page like Brian Krebs’ and they’re generating a lot of traffic,” he added.
Consequently, once hackers take control of devices, the devices can be switched from sending a normal volume of data to and from your computer to sending an abnormal amount of data to a single place. As TechnoBuffalo writes, ‘Ultimately, the traffic from hundreds or thousands of these devices can exceed the throughput available to a website or a service, denying additional requests access.’
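As an added example (not part of the original article), the Python below flags a device on your own network that behaves the way an infected device is described above: it tries telnet port 23 on many different hosts, or sends an abnormal volume of data to a single place. The log format, the thresholds and the addresses are assumptions constructed for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample flow-log lines (not a real capture); the line format is
# an assumption for this example and the public addresses are documentation ranges.
SAMPLE_LOG = "\n".join(
    [f"src=192.168.1.20 dst=198.51.100.{i} dport=23 bytes=60" for i in range(1, 41)]
    + ["src=192.168.1.20 dst=203.0.113.9 dport=80 bytes=900000" for _ in range(5)]
    + ["src=192.168.1.30 dst=192.0.2.10 dport=443 bytes=4000",
       "src=192.168.1.30 dst=192.168.1.1 dport=23 bytes=120",
       "garbage line that should be skipped"]
)

LINE_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+) bytes=(\d+)")
TELNET_PORT = 23  # the port the quoted consultant says the devices listen on

def parse(log_text):
    """Yield (src, dst, dport, bytes) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group(1), m.group(2), int(m.group(3)), int(m.group(4))

def find_suspects(log_text, scan_threshold=20, flood_bytes=1_000_000):
    """Return {src: sorted reasons} for devices that behave like bots."""
    telnet_targets = defaultdict(set)  # src -> distinct hosts tried on port 23
    bytes_to_dst = defaultdict(int)    # (src, dst) -> total bytes sent
    for src, dst, dport, nbytes in parse(log_text):
        if dport == TELNET_PORT:
            telnet_targets[src].add(dst)
        bytes_to_dst[(src, dst)] += nbytes
    suspects = defaultdict(set)
    # Scanning phase: one device reaching many different hosts over telnet.
    for src, targets in telnet_targets.items():
        if len(targets) >= scan_threshold:
            suspects[src].add("telnet-scan")
    # Attack phase: one device pushing an abnormal volume at a single place.
    for (src, dst), total in bytes_to_dst.items():
        if total >= flood_bytes:
            suspects[src].add(f"flood:{dst}")
    return {src: sorted(reasons) for src, reasons in suspects.items()}

if __name__ == "__main__":
    for device, reasons in find_suspects(SAMPLE_LOG).items():
        print(device, reasons)
```

The thresholds are placeholders; a real deployment would tune them against each device's normal traffic.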
How to stay away from IoT and DDoS attacks?
There is no antivirus software for IoT devices.
We are really lazy when it comes to updating the software or applications on our devices. We ignore popups asking us to update firmware. When was the last time you updated the firmware of your router?
Malware is used to pull computers into botnets. Antivirus software fights this malware, and Microsoft has upgraded its security in Windows 10. However, this software is still unable to scan for malware that can infect our webcams. Therefore, updating firmware is really necessary.
Changing a device’s default password to something complex is a simple but effective step. Firewalls can be helpful too.
Currently, we are witnessing amazing progress in the field of technology, but attacks on the Internet of Things and Distributed Denial-of-Service attacks are its unanticipated consequences, and they show no signs of stopping. Therefore, we need to act as soon as possible, before we hear that a DDoS attack like the one in an episode of ‘Black Mirror’ has happened in Nepal.