Why hackers target you through IoT, how to spot a breach and how to protect yourself

IoT

In our most recent post, I walked you through the promise of the Internet of Things (IoT) from a consumer perspective before relaying a seemingly crazy anecdote about the increasingly creative (and nefarious) ways hackers are using IoT devices as access points to otherwise secure networks safeguarding sensitive data. It’s an important first step — recognizing IoT as the vulnerability it can be so you can take the proper precautions to safeguard your business (or your home, for that matter). So this week, I’ll be taking you through why hackers are targeting you through IoT, give you some simple signs to watch out for so you can spot a breach before disaster strikes, as well as provide some everyday tips for securing your devices and their respective networks.

A day that’ll live in infamy

The date is October 21, 2016. It’s  day like any other, really… except a lot of people mysteriously can’t connect to their favorite websites. For long periods of time. And I do mean a lot of people. So what happened?

Without getting too into the weeds, hackers executed a DDoS (Distributed Denial of Service) attack on one of the largest DNS service providers in North America, Dyn. A DDoS attack is essentially a hacker group flooding a server or network with an enormous spike in traffic, causing the network to overload and cease working because it can’t handle all the requests.

The October 21 attack is noteworthy because of how much of North America’s Internet was affected — as well as the method of attack.

Instead of attacking Dyn with infected/zombie computers (which can be difficult to gain access to do), these hackers relied on the huge network of IoT devices in people’s homes to act as the requesting agents flooding the zone. And here’s where you find out why hackers target IoT devices/networks.

For one, there are a lot of smart devices out there. For every computer you may have in your home, there can be a dozen smart devices connected to the Internet in some way (refrigerators, DVRs, thermostats, smart TVs, Apple TVs, microwaves, and on and on). And if they’re all on the same network, gaining access to any one of these devices could compromise your network and every device on it. And for the services of a DDoS attack, having access to so many devices makes it easier to flood the respective zone with erroneous traffic because there are so many sources the requests are coming from.

Another reason? Many of these devices ship with factory (read: ‘weak’) security and/or passwords, making it easier for hackers to gain entry to many of them at a time.

So how can I tell if my IoT devices have been compromised?

According to the FBI’s Internet Crime Complaint Center, there are a number of relatively simple ways to tell if your devices or network could be at risk/compromised:

  • A major spike in monthly Internet usage;
  • A larger than usual Internet bill;
  • Devices become slow or inoperable;
  • Unusual outgoing Domain Name Service queries and outgoing traffic; or
  • Home or business Internet connections running slowly

Now, evidence of one (or more) of these certainly doesn’t mean you definitely have an IoT breach, but they provide some great clues to watch for so you can alert the right people for further investigation (a company like us, for instance).

And what can I do to protect myself in the meantime?

Going back to the FBI’s IC3 division’s best practices, here are some evasive actions you can take to protect your network and data in meantime:

  • Reboot devices regularly, as most malware is stored in memory and removed upon a device reboot. It is important to do this regularly as many actors compete for the same pool of devices and use automated scripts to identify vulnerabilities and infect devices.
  • Change default usernames and passwords.
  • Use anti-virus regularly and ensure it is up to date.
  • Ensure all IoT devices are up to date and security patches are incorporated.
  • Configure network firewalls to block traffic from unauthorized IP addresses and disable port forwarding.
  • Isolate IoT devices from other network connections.

Hopefully you’ve gained a better understanding of why hackers target IoT devices as well as how you might be able to spot a breach, or better yet, prevent one altogether.