Cybersecurity experts F-Secure have released a report which claims history may remember 2018 as the ‘turning point’ in IoT threats.
In 2018, the firm witnessed double the number of IoT threats as the previous year. The rapid proliferation of connected devices is making the IoT an ever more appetising target for hackers.
Here's the rapid growth in attacks since 2002 detected by F-Secure’s network of ‘honeypot’ servers:
In late 2018, F-Secure detected a huge spike in the number of threats which target exposed telnet ports. This is the same attack used by the infamous Mirai botnet.
F-Secure notes that most of the larger device manufacturers have good security in place, but it's the millions of (typically cheap) devices flooding the market from lesser-known brands that are often most vulnerable.
Generally, these devices are things like webcams and routers which can be particularly dangerous if hacked. Typically they're compromised through fairly basic means such as default passwords.
“Weak passwords, known vulnerabilities, updates that rarely or never come. We’ve seen this all before,” said F-Secure Operator Consultant Tom Gaffney. “We’re making the same mistakes we saw in the 90s all over again. Only now, there’s no excuse.”
That's not to say devices from larger manufacturers are unhackable. F-Secure’s own Mark Barnes successfully hacked a 2017 Amazon Echo using its debug pad to convert it to a ‘wire tap’ capable of covertly listening at all times.
Barnes alerted Amazon to the vulnerability and worked alongside the company to fix it prior to disclosure. Future versions of the Echo were no longer vulnerable to the same attack.
“All devices which can connect to the internet – collectively called the ‘Internet of Things’ or IoT – are potentially at risk of a cyberattack,” Interpol noted in a February 2018 release.
Hackers are finding new ways to monetise their activities through IoT devices, providing further incentive. The vast number of easily compromisable devices provide a huge amount of computing power.
In August, the FBI stated that “routers, wireless radios links, time clocks, audio/video streaming devices, Raspberry Pis, IP cameras, DVRs, satellite antenna equipment, smart garage door openers, and network attached storage devices” could be hijacked for their computing power.
This computing power makes way for botnets like Mirai to be rented which can lead to serious disruption of a competitor's services in business, another state's infrastructure in conflict, or just cause general disruption.
Compromised devices can also be used to mine cryptocurrencies. While it's rarely profitable for individuals anymore, having an entire army of devices at your disposal could bring in a lot of difficult-to-trace cash.
With the number of IoT devices likely passing the number of humans on the planet in late-2018 / early-2019, and set to triple by 2021, it seems unlikely the IoT will become less of a target in the years to come.
You can find F-Secure’s full report here (PDF)
Interested in hearing industry leaders discuss subjects like this? Attend the co-located IoT Tech Expo, Blockchain Expo, AI & Big Data Expo, and Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London, and Amsterdam.