Protecting Smart Devices from Security Threats ( IoT = Internet of Threats)

Posted by Geraldine Hunt on Wed, Apr 11th, 2018

IoT is More like the Internet of Threats

The more touch points we have involving the Internet, the more vulnerable we are to  cyber threats like malware, phishing attacks, and ransomware. According to Gartner, the number of IoT devices eclipsed the world’s population last year.  They predict that the number will grow to 20.4 billion devices by 2020. That is a lot of touchpoints to protect, which includes everything from your television and internet router to your blender.  Just like an army that must protect hundreds of thousands of square miles, it is a formidable undertaking to protect billions of devices.

Patching IoT Vulnerabilities

Managing the arduous updating process is daunting as many IoT devices are not built with any type of plan for patching vulnerabilities once they are discovered.  For the most part, they are simply black boxes with unknown hardware and proprietary software.  To compound the sheer magnitude of it all, there has been a severe lack of investment within the IoT industry when it comes to security.  The severe security deficiencies that typify the industry clearly contribute to the findings of a survey late last year that found that 90 percent of consumers lack confidence in the security of their IoT devices. 

The security concerns of IoT devices are many such as the dearth of authentication requirements for some devices.  Those devices that do require authentication are usually saddled with credential checks that are easily guessable and rarely changed, making them easy for brute force attacks.  Many devices are plagued with services and protocols that are easily exploited by attackers.  What’s more, these inherent weaknesses stay present for years even after their discovery.

UPnP Whitepaper

A recent case in point was a white paper published by the content and web services firm, Akamai concerning the Universal Plug and Play protocol that many Internet routers and other IoT devices still utilize.  UPnP is a classic example of how security is sacrificed for the sake of convenience.  The purpose of UPnP is to allow networked devices to automatically expose services and functionality to other devices located on the local network to automatically.  It is also used to automate the negotiation and configuration of port opening/forwarding within a NATed networking environment.  This allows devices on the network to open up ports to expedite routing of traffic in and out of the network. This feature set is common for home routers and utilized by media and gaming systems to improve performance. 

Unfortunately, what may be convenient for users may also prove convenient for hackers.  When IoT devices broadcast these expedient mechanisms and services to the open Internet with little or no regard to authentication, attackers can scan for these devices and take advantage of them.  For all of its benefits, UPnP has been beset with vulnerabilities and security flaws, some discovered twelve years ago, that allow hackers to input NAT injections.  By doing this, hackers can utilize UPnP devices as proxy devices to help disguise an attack.

In their whitepaper titled, UPnProxy: Blackhat Proxies via NAT Injections, Akamai reported finding as many as 4.8 million devices on the internet that would improperly return a certain query related to UPnP.  Of those, about 765,000 also had a secondary implementation issue that created a bigger network communication vulnerability.  Of these, 65,000 had been fully exploited by the injection of one or more malicious commands into the routing mechanisms of the device.  It is nearly impossible for the common person to realize that their device has been exploited in this manner and unfortunately, little they can do about it.  One option is to simply disable UPnP but doing so also disables some of the device’s functionality.  Although some companies have sought to improve UPnP implementations over the years, Akamai found 73 brands and almost 400 IoT models that are still vulnerable in some fashion.

Inception Framework

One example of how hackers have been taking advantage of this sustained vulnerability is the cyber espionage group known as the ‘Inception Framework’.  The group has been active since they were discovered in 2014 by BlueCoat/Symantec. Besides phishing attacks, browser-based coin mining and other types of malware, the group has launched attacks on a number of companies across the globe. In order to disguise their efforts, they have learned to utilize a complex framework of proxies and cloud services.  UPnP based routers are a prime target of infection and the hijacked boxes are used to forward traffic from one port to another host on the internet. 

Horizon of the Cyber Security Battlefield

The horizon of the cyber security battlefield continues to expand and intensify.  In some ways, IoT is like an old leaky roof in which new leaks are continually found.  The problem is that like Pandora’s Box, we have grown accustomed to the dependency on growing array of black box IoT devices so simply tearing down the house and rebuilding is not realistic. The fact is the more connected we are the easier it is to be hacked by the bad guys. This is the dilemma in which we find ourselves today as we face a crisis that we seem to be poorly prepared for.

WebTitan Cloud for WiFi is a cloud based DNS content filtering solution for your WiFi environment. WiFi guests can be exposed to unsuitable websites and malware. WebTitan Cloud for WiFi allows you to control the content that can be accessed and creates a safe environment to access the internet. Talk to a specialist or  Email us at info@titanhq.com with any questions.