Page 47 - Cyber Warnings
The Threats
Threats to IoT, from hackers to malware, are myriad. A newly discovered malware called
BrickerBot, currently in the wild, specifically targets IoT devices that run open-source Linux.
BrickerBot takes advantage of users who did not change the default username and password
printed on their IoT devices prior to shipping. While other malware may look to add a device to
its botnet, BrickerBot looks to kill the device outright. As opposed to the common
distributed denial-of-service (DDoS) attack, BrickerBot carries out a permanent denial-of-service
(PDoS) attack, which renders the device useless. While this vulnerability is common, it is easily
prevented and remedied by changing the default username and password and turning off
any Telnet remote access (Coppock, 2017).
The cell phone, the most ubiquitously connected device today, has its own share of security
issues. Pew Research found that 28% of owners do not lock their cell phone screen at all, 40%
of owners only update their devices when it is convenient and 14% admit to never updating the
software (Williams, 2017). Personal phones are connected at all times and contain personal
correspondence, photos, banking and contact information; however, a large percentage of the
population can’t be bothered to secure them. Perhaps in the future, government regulation will
mandate protections for cell phones in the same way mandates were implemented for the
automobile (Palmer, 2017). Safety belts weren’t always standard or legally required and air
bags are a fairly recent innovation. People lived longer in spite of themselves.
A Secure Way Forward
Security company ForeScout produced an IoT Enterprise Risk Report authored by ethical
hacker Samy Kamkar. The report reflects badly on IoT product vendors that often use
rudimentary security and old firmware--an invitation to backdoor exploits and IoT botnet DDoS
attacks (Palmer, 2016). So, what are we to do in order to secure our IoT world? There are
some enterprising individuals and companies that see this niche and offer options. Forbes
offers up the six most popular technologies for future IoT security with examples of each: 1) IoT
Network Security – intrusion detection and firewalls; 2) IoT Authentication – static/dynamic
passwords, two-factor authentication and digital certificates; 3) IoT Public Key Infrastructure
(PKI) – digital certificates and cryptographic keys with life-cycle capabilities; 4) IoT Encryption – at
rest and in transit, with full encryption key life-cycle management; 5) REST-based Application
Programming Interface (API) – authorization and authentication of data from device to
back-end, with integrity through bona fide communication channels; and 6) IoT Security Analytics –
aggregation, monitoring and normalization of data from other IoT devices, adding machine
learning, anomaly detection and predictive modeling in the future (Press, 2017).
IoT as Security
Another solution for the security of IoT is IoT itself. In other words, the same techniques that
allow inspection, management and optimization of the immense amount of information that
currently crosses networks can be used to repair a hack or breach. Tools can be developed to
compare network activity against a baseline while continuously monitoring and logging. Full
situational awareness is especially vital for critical systems as opposed to a common household
platform (OT vs. smart home), but both can be used for the same purpose. The future of
47 Cyber Warnings E-Magazine – June 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
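The baseline comparison described under "IoT as Security" can be sketched as follows. This is an added example, not code from the article or from any vendor it cites; the device names, flow records, thresholds and function names are all constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (device, destination port, bytes sent in one interval).
BASELINE = [
    ("thermostat", 443, 1200), ("thermostat", 443, 1100), ("thermostat", 443, 1300),
    ("camera", 443, 50000), ("camera", 443, 52000), ("camera", 443, 48000),
    ("camera", 123, 90), ("camera", 123, 90), ("camera", 123, 90),
]
OBSERVED = [
    ("thermostat", 443, 1250),   # matches the baseline
    ("camera", 23, 400),         # Telnet, a port never seen for this device
    ("camera", 443, 900000),     # volume far above the baseline
    ("doorbell", 443, 700),      # device that has no baseline at all
]

def build_baseline(flows):
    """Return {device: {port: (mean_bytes, stddev_bytes)}}."""
    samples = defaultdict(lambda: defaultdict(list))
    for device, port, nbytes in flows:
        samples[device][port].append(nbytes)
    return {d: {p: (mean(v), pstdev(v)) for p, v in ports.items()}
            for d, ports in samples.items()}

def check(flow, baseline, k=3.0, floor=100.0):
    """Compare one flow with the baseline; return a finding string or None."""
    device, port, nbytes = flow
    if device not in baseline:
        return "unknown-device"
    if port not in baseline[device]:
        return "new-port"
    avg, sd = baseline[device][port]
    # The floor keeps a zero-variance baseline from flagging trivial changes.
    if abs(nbytes - avg) > k * max(sd, floor):
        return "volume-anomaly"
    return None

def monitor(flows, baseline):
    """Log every flow and return the findings as (device, port, finding)."""
    findings = []
    for flow in flows:
        result = check(flow, baseline)
        print(f"device={flow[0]} port={flow[1]} bytes={flow[2]} finding={result or 'ok'}")
        if result:
            findings.append((flow[0], flow[1], result))
    return findings

if __name__ == "__main__":
    monitor(OBSERVED, build_baseline(BASELINE))
```

The multiplier `k` and the byte `floor` are assumed starting points; a critical OT network would tune them per device class and feed the findings into its existing logging pipeline.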