COVER STORY
Botnets bring battles in IoT: Revisiting embedded security
8 March 2018
The rise of botnets targeting the Internet of Things (IoT) has emerged as a clear and present danger for rapidly growing new industries such as home automation, smart cities, and industrial networking. While botnets unleashing Distributed Denial-of-Service (DDoS) attacks have been known for quite some time, botnets specific to the IoT aren't necessarily new either. However, what is new about IoT botnets is the realisation of how devastating they can be, and the fact that inadequate security can blow up the IoT party at a time when embedded systems are being hooked up to the Internet in droves. In this article, Majeed Ahmad for Mouser Electronics explores botnets in terms of IoT device security vulnerabilities and identifies key ways to secure devices against them.
Botnets and their potential exploits
A botnet is a collection of connected devices that have been infected with malware, allowing an attacker to gain remote control and coordinate actions like launching a DDoS attack. Botnets, also known as zombie armies, can also be used to send spam emails, sniff out sensitive passwords, and spread ransomware.
IoT botnets differ from their Windows-based counterparts in that they’re built from compromised IoT devices, and they can spread to a huge number of devices using the vast IoT network. Moreover, unlike common botnets, which are mostly used to spam, IoT botnets can cause far greater damage by impacting the physical environment around IoT devices.
For instance, an IoT botnet attack on traffic lights can create chaos across an entire town and ravage smart city infrastructure. Likewise, hackers can increase the heat levels in smart homes and artificially boost the demand for oil or gas.
Another stark difference is that unlike personal computers and servers, which are protected by safety features such as malware detection and firewall filtering, IoT devices are becoming attractive targets for botnets because they generally don't use such advanced security features.
The rise of IoT botnets was predicted to become a threatening cyber security trend in 2016, but the IT security community dismissed the threats posed by these IoT botnets. At that time, the threat was generally perceived as being fairly limited, though before long, toolkits became available that enabled botnets to take advantage of vulnerabilities in unsecured IoT devices. The Mirai attack in October 2016 was a key turning point.
Mirai – and another IoT botnet called Bashlight – exploited a vulnerability in a pared-down version of the Linux operating system used in embedded devices like IP cameras and Digital Video Recorders (DVRs). By doing so, these IoT botnets took advantage of a known vulnerability in devices such as webcams and then downloaded malware from a Command-and-Control (C&C) server. Next, they began spreading this malware to other vulnerable devices by continuously scanning for default or hard-coded usernames and passwords. That’s how they launched DDoS attacks by infecting a vast number of connected devices. More than 150,000 IP cameras were used by the Mirai bot malware.
Botnets highlight flaws in embedded system design
Mirai delivered the wake-up call on the dangers of unsecured networked devices at a time when the number of Internet-connected devices is at an all-time high and still growing. Market research firm Gartner predicts 20.8 billion connected objects joining the IoT bandwagon by 2020. Mirai also showed how hackers could take control of any vulnerable IoT device and enslave it into a botnet. Mirai and other IoT botnets raised the profile of embedded security and highlighted the key flaws in embedded systems design:
• The quest for simplistic IoT designs and the choice of low-cost components inevitably make embedded security an afterthought.
• IoT devices have just enough processing power and memory space for the bare minimum functionality, thus pushing security considerations to the back seat.
• Strict deadlines and time-to-market pressures sometimes lead IoT developers to bypass security design components altogether.
• Many IoT designs are based on the reuse of software and hardware components to simplify design and lower cost. However, this reuse also exposes default credentials in entirely different classes of IoT devices.
• Detecting infection of embedded devices is inherently difficult because they lack OS transparency and easy access; rather than accessing the OS itself, monitoring and detection are done through cumbersome access points like web browsers or smartphone apps.
• The majority of embedded systems run on some variant of Linux, which is not secure unless it’s properly patched, configured, and hardened. Hackers have mostly been exploiting Linux loopholes in routers and set-top boxes.
IoT botnets have already impacted IP cameras, Wi-Fi routers, webcams, and set-top boxes, and they have been used to launch DDoS attacks against online gaming services. Hackers have also unsuccessfully attempted to use Deutsche Telekom's routers as devices for a botnet.
What's next? Smart fridges, light bulbs, door locks, and connected cars? These botnets and their creators could cause devastation on a much larger scale when unleashed on banks, hospitals, and smart city infrastructure.
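An added example, not part of the original article: one way to catch the hard-coded and reused credentials described in the list above is to audit the /etc/shadow files extracted from firmware images before release. The product names and shadow contents are constructed sample data, and the function names are hypothetical.

```python
# Added example (not from the article); all sample data below is constructed.
from collections import defaultdict

# Constructed sample: hypothetical product name -> /etc/shadow from its image.
FIRMWARE_SHADOW = {
    "ipcam-a": "root:$1$c0nstrct$CONSTRUCTEDMD5HASH0000:17000:0:99999:7:::\n"
               "nobody:*:17000:0:99999:7:::\n",
    "dvr-b": "root:$1$c0nstrct$CONSTRUCTEDMD5HASH0000:17000:0:99999:7:::\n"
             "admin::17000:0:99999:7:::\n",
    "router-c": "root:$6$c0nstrct$CONSTRUCTEDSHA512HASH:17000:0:99999:7:::\n"
                "support:!:17000:0:99999:7:::\n",
}

def parse_shadow(text):
    """Yield (user, password_field) for each well-formed shadow line."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 2 and fields[0] and not fields[0].startswith("#"):
            yield fields[0], fields[1]

def classify(field):
    """Label a shadow password field by how risky it is to ship."""
    if field == "":
        return "empty-password"          # login with no password at all
    if field[0] in "*!":
        return "locked"                  # account cannot log in
    if field.startswith("$1$"):
        return "weak-hash-md5"           # md5crypt, cheap to brute-force
    if not field.startswith("$"):
        return "weak-hash-des"           # legacy DES crypt
    return "hashed"

def audit(images):
    """Return (product, user, issue) findings across all firmware images."""
    findings, seen = [], defaultdict(set)
    for product, text in sorted(images.items()):
        for user, field in parse_shadow(text):
            kind = classify(field)
            if kind == "locked":
                continue
            if kind != "hashed":
                findings.append((product, user, kind))
            if field:
                seen[(user, field)].add(product)  # same hash => same password
    for (user, _), products in sorted(seen.items()):
        if len(products) > 1:            # one credential baked into several products
            findings.append(("+".join(sorted(products)), user, "shared-credential"))
    return findings
```

Calling `audit(FIRMWARE_SHADOW)` flags the empty-password account, the two weakly hashed root accounts, and the root credential shared by the camera and DVR images.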
Figure 1: Threats such as IoT botnets demand multi-layer security for network-centric embedded systems
Components in Electronics
www.cieonline.co.uk