How is my IoT device vulnerable to malware?
Any device connected to the Internet could be vulnerable to hacking. We see stories in the news about cameras, smartphones, laptops, smart speakers, smart appliances, and baby monitors being compromised. Security vulnerabilities in smart homes are being discovered every day. One security company exploited these vulnerabilities to show just how easy a cyber attack in the smart home was. In this blog, we'll explore malware, a type of cyber attack that has more than 7,000 active samples (known types) targeting IoT devices.
What is malware?
Malware is malicious software that embeds itself in the programs on your device. Its goal? To damage, corrupt, and collect data, often stealing personal information. This all happens behind the scenes; you usually aren’t made aware of any malware on your device until it wants your attention or becomes evident through the device’s performance. Malware can take many shapes and forms, such as ransomware, bots, adware, viruses, and spyware.
You may recall that Minim was founded in response to a type of malware: the Mirai botnet behind the 2016 Distributed Denial of Service (DDoS) attack against Dyn. What made this attack so successful was its takeover of numerous kinds of IoT devices by infecting them with the Mirai malware. The result was hundreds of thousands of compromised devices, also known as "bots", ready to be used in the DDoS attack. (For more info on how a DDoS attack works, see here.)
How is a malware attack accomplished on my IoT device?
Generally speaking, an attack pattern will follow three phases:
Phase 1: Enumeration
In this first phase, the attacker is trying to gain a foothold in your device by identifying an attack vector to take. An attack vector can be found in any of the vulnerabilities on your device. Examples include default passwords, outdated software/firmware, little or no encryption, and Internet exposure. All of these vulnerabilities make up your device's attack surface.
To identify a vulnerability, the attacker may scan the Internet for open ports. (A port is the channel through which your device can send and receive data over the Internet. An open port is a port that is accepting packets, or units of data. Applications listen to and accept packets through certain ports.) The attacker may also try to trick you into visiting a malicious website by clicking on a link.
Phase 2: Compromise
In this second phase, the attacker looks to exploit the vulnerability they found in your device to gain the foothold. For instance, if the attacker found an open port, they may then try logging in using a set of common default username/password combinations like admin/admin, root/admin, etc. If the attacker can successfully log in, they then have the ability to control your device.
Phase 3: Expand/Attack
In this third phase, the attacker has found a way into your device and has the ability to control what it does. This is where they may choose to install more specific malware or to continue acquiring additional devices to perform a more elaborate attack, such as a DDoS. What the attacker does in this stage ultimately depends on their overall goal.
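From the defender's side, the Phase 2 login guessing described above leaves a trace in a device's login log. The following is an added example, not part of the original post: it assumes the device runs SSH and logs in OpenSSH's format, the log lines are constructed samples, and the function name and thresholds are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH sshd log format; 203.0.113.0/24 and
# 192.0.2.0/24 are documentation address ranges, not real hosts.
SAMPLE_LOG = """\
Mar  3 02:14:01 cam sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar  3 02:14:02 cam sshd[811]: Failed password for root from 203.0.113.7 port 40113 ssh2
Mar  3 02:14:03 cam sshd[811]: Failed password for invalid user support from 203.0.113.7 port 40114 ssh2
Mar  3 02:14:04 cam sshd[811]: Accepted password for root from 203.0.113.7 port 40115 ssh2
Mar  3 08:30:10 cam sshd[902]: Failed password for root from 192.0.2.10 port 51000 ssh2
Mar  3 08:30:25 cam sshd[902]: Accepted password for root from 192.0.2.10 port 51001 ssh2
"""

EVENT = re.compile(
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def triage(log_text, min_failures=3, min_users=2):
    """Return {ip: verdict} for sources whose logins look like credential guessing."""
    failures = defaultdict(int)   # failed attempts per source address
    users = defaultdict(set)      # distinct usernames tried per source address
    verdicts = {}
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # not a password login event
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
            users[ip].add(m["user"])
            # Many failures across several account names is guessing, not a typo.
            if failures[ip] >= min_failures and len(users[ip]) >= min_users:
                verdicts.setdefault(ip, "guessing")
        elif verdicts.get(ip) == "guessing":
            # A success right after a guessing run means a guessed password worked.
            verdicts[ip] = "compromised"
    return verdicts

if __name__ == "__main__":
    for ip, verdict in triage(SAMPLE_LOG).items():
        print(ip, verdict)
```

A single mistyped password followed by a successful login, as from 192.0.2.10 in the sample, is not flagged; only the source that cycles through several account names is.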
What damage could happen to my compromised IoT device?
Beyond the intangible information and data that could be stolen, your device can be damaged by an attack; and, depending on the device, it could put your home at risk. The device’s software could be corrupted so that the device does not function properly. (Unfortunately, even devices that were designed with security in mind are being found to have serious flaws.) Think about what could happen if you had smart devices controlling your heat, appliances, electrical outlets, or door locks. You can imagine how physical damage or theft can be accomplished, so I'll move on to some brighter topics...
How do I keep my IoT device secure?
There are some steps you can take to secure your IoT device, such as:
- Using a firewall when connecting to the Internet
- Maintaining the device's software/firmware updates
- Changing the default login credentials to something more unique
- Disabling the device's "Remote Support" feature if not being used
And while these are great security measures to take, they simply aren't enough in the smart home. We know, it's daunting.