How Does IoT Expand Hackers’ Attack Surface?

1348

What constitutes a weak link? And what can be done to mitigate growing threats via IoT?

IoT technology everywhere. No, this is not a vision statement, but a reflection of our reality.  From wearables to smart home systems and routers… Devices with sensors that collect data in real time are rapidly expanding. To many they are a blessing, designed to make daily lives easier and improve organizations’ efficiency. Some devices, such as smart medical equipment and alarm systems, can even help save lives. But to IT security teams, they are at best a source of angst, and at worst a security nightmare.

Whether we like it or not, the transition to an ever-expanding connected wonderland comes at a price. Technology companies churning out new connected devices at a menacing pace often overlook the security threats.

In the rush to embrace clever routers, smart alarms, security cameras or even moisture controllers, organizations have been ignoring the potential cybersecurity pitfalls of poorly secured connected devices. Inevitably hackers pick up on these opportunities to extract intellectual property or other sensitive data.

So how do hackers infiltrate organizations through IoT connected devices? How can a weakened link in the IoT chain lead to compromised digital assets? And what can be done to prevent the next attack beginning from an IoT hitch? 

You are the weakest link. Goodbye!

Hackers’ attempts to exploit IoT devices and get a foothold into an organization are made possible due to these core weaknesses:

  • One insecure device at the right moment is all it takes to create an attack vector in IT and OT networks
  • Low-cost IoT designs are often built with security flaws in the first place
  • Intended back doors are sometimes built into IoT devices
  • IT teams may lack visibility into the number and type of devices creating inventory gaps and security posture risk


How a router, camera or innocent aquarium thermometer can be a gateway to disaster

The increased use of connected devices in countless applications such as asset tracking, equipment monitoring and managing environmental conditions has vastly contributed to an expanded attack surface. Sitting within networks, IoT devices are almost the perfect target for cyber thieves for the following reasons:

  • They have their own IP address
  • They make it possible to communicate with other connected network devices and systems
  • Organizational and customer traffic often need to traverse these devices

A malicious attacker that has successfully gained entry into an internal routing and switching infrastructure can monitor, modify, and even deny traffic between key hosts inside a network. Worse still, the attacker masquerading as a legitimate user can leverage trust relationships to conduct lateral movement to critical assets and go under the radar.

Even an innocent thermometer sitting in a fish tank can be hooked into a hacker’s net and serve as a stepping stone to a critical database. If the manufacturer and / or the organization that purchased the goods ignored security measures, then a successful hacker’s attack is just a matter of time.

One of the worst IoT-related disasters to date is the Mirai attack. On October 2016, it paralyzed most of the Internet on the US east coast. The unbearable ease with which the attack unfolded highlights IoT’s role in causing chaos on a national scale.  Mirai took advantage of insecure IoT devices by simply scanning for big blocks of Telnet ports over the Internet. It then logged in with frequently used passwords for the devices, which in far too many cases had never been changed. In this way, Mirai amassed an army of compromised closed-circuit TV cameras and routers ready to do its bidding. (Incidentally, the hackers merely aimed to make a little money off of Minecraft aficionados.)

How to protect IoT devices from exploitation

In the cyber community there is a running joke; “The ‘S’ in IoT stands for security…”

Jokes aside, here are some steps for protecting smart devices:

  • Renew the default passwords of your connected devices: If your passwords are still set to default, change them immediately
  • Disable the universal Plug-&-Play which is the default in every IoT device, creating a security gap in your router that lets malware infiltrate any part of your network
  • Disable Remote Management through Telnet:Log into the router’s settings and disable the remote management protocol
  • Check for Software Updates and Patches: Always keep your connected devices / routers up-to-date with the latest firmware
Adi Ashkenazy
Adi Ashkenazy is VP, product for XM Cyber. He previously served as deputy director of an elite cyber technology department in the Israeli Intelligence Community, leading Israel’s finest engineers and security professionals through some of the world’s most complex cyber security challenges. Mr. Ashkenazy holds a B.Sc. in computer science and M.Sc. in information technologies from Tel Aviv University, where he earned several scholarships for academic excellence and graduated summa cum laude.

Adi Ashkenazy Web Site
In this article