(Still) Securing the Internet of Things
Ahh, IoT. Remotely monitoring and configuring your doorbell, washer and dryer, thermostat, security cameras, or just about any applicance or wearable you can imagine is pretty cool. And, the list of IoT devices gets larger every day.
But here’s the rub on IoT devices: As Mirai proved to everyone last fall, they are perfect conduits for cyber attacks. Here’s why:
- Their designers don’t devote enough time or energy to securing the device’s software,
- They often use generic open-source code, and
- These devices access the Internet by default.
These vulnerabilities were brought to light last October, when a massive cyber attack—in this case a Distributed Denial of Service (DDoS)—brought down the likes of Netflix, Spotify and Twitter. The DDoS attack flooded web servers with massive amounts of traffic, which prevented servers from responding to legitimate requests. The cyber attackers infected unsecured IoT devices, and then utilized their processing power to form a network of infected computers (a botnet) that launched the DDoS attack.
And since the Mirai source code was released last year, there are countless variants floating around now. We see evidence of it every day: Over 800,000 Mirai-related alerts across our Sentinel customer network since the beginning of 2017, and 13,000 alerts in July and August (so far!) alone.
How to Protect Yourself from IoT-related Cyber Attacks
- Make sure your device is running the latest firmware from the manufacturer.
- Always reset the password on your new device. The manufacturer equips each with default usernames and passwords. If they’re not customized, malware can easily access these devices by utilizing default logins and passwords.
- Watch out for Universal Plug and Play (UPnP). These devices will sometimes use UPnP and poke a hole on a specific port through your edge devices. Monitor your perimeter router and firewall and make sure there’s no traffic coming from unexpected ports, or consider disabling UPnP all together.
The list of IoT devices is growing exponentially; unfortunately, so will the list of IoT-related cyber attacks.