What do Hackers want from IoT devices?

The Internet of Things is in the midst of a monumental boom at the moment. With projections pointing to upwards of a dizzying 12.3 Billion connected devices worldwide. And it’s quite easy to see why - the internet is by far the most precious of all our technological innovations. Quite simply put, it is rather safe to say that the internet is nearly single handedly responsible for the technological and commercial feats of today’s world.

IoT takes this incredibly powerful tool and literally brings the power of the internet to all kinds of objects that perform various functions around us. The premise is simple really - connecting small devices to the internet makes them a lot more useful and efficient.

In recent years, all sorts of previously one dimensional devices such as light bulbs, cars, doorbells, TVs, even entire cities have turned smart thanks to the power of wireless sensors, artificial intelligence and state-of-the-art energy harvesting technologies. When these little everyday devices, or nodes as they’re called, are connected to the internet such that they can communicate with each other and exchange information through a central server -  this makes them incredibly efficient and economical. Moreover, their functionality gets a huge boost when they’re able to function autonomously.

However, with opportunity comes risk - while throwing the shackles off the internet and bringing it to billions of devices has a lot of advantages. It also opens the door to potential security concerns. With the internet of things, we are able to improve the connectivity and livability of our everyday lives significantly. However, this also throws the door of possibility open to those with malicious intent. It is predicted that there will be 40 billion connected IoT nodes by 2025 - This means that hackers are theoretically going to have that many entry points into computing resources that they could use for crypto-currency mining or in a DDoS operation.

Needless to say, manufacturers are well aware of the fact that cyber security is something an increasing number of people care about. People are more sensitive than ever to the threat of cyber terrorists and expect manufacturers to watch their backs. The major players in the IoT space are leaving no stone unturned in a bid to find more widespread adoption.

Ingenious Study

A team of researchers working at the NIST and University of Florida recently published their findings from an experiment that they have been conducting for the past 3 years. This 3-year long honeypot experiment was aimed at understanding what cyber attackers cherry-pick certain kinds of IoT devices to attack.

What is a honeypot? You might find yourself wondering. Put simply, a honeypot is a tool used by ethical hackers to understand how a piece of malicious software interacts with its victims. A honeypot is an isolated network that masquerades as a real network, thus luring hackers in. Well, now that you get it you probably understand why they are called honeypots.

The researchers in this particular study had a pretty basic setup including server farms, a vetting system and the computational machinery to capture and analyse data. In order to simulate a diverse ecosystem, the researchers installed a bunch of open-source honeypot emulators such as Cowrie, Dionaea, HomeCamera and KFSensor. They tweaked their instances to make it seem like they were real devices on specialised internet search engines that hackers use to locate node devices connected to the internet.

The novel element of this study was that the researchers found ways to calibrate the honeypots in response to various methods of attack that various hackers used. They were then able to use the aggregated data to introduce changes to the IoT configuration and security. As the actor responds to these changes, the system is able to adapt to that response.

What did they find?

The honeypot experiment found that most of the actors employed very similar attack patterns. They were of the opinion that this was likely due to the objectives of the various attackers being fairly similar.

For instance, they found that most actors ran the command “masscan” which opens ports and “/etc/init.d/iptables stop” which is used to disable firewalls. The next most popular command, perhaps surprisingly, is one used to collect information about the target hardware. Interestingly, the study also registered a whopping million hits for the username/password combination of admin/1234, revealing an embarrassing laziness on the part of users.

As far as the researchers were concerned, these were incidental findings - what they were really keen on trying to understand was what attackers were trying to accomplish when they broke into IoT devices. The researchers found that DDoS recruitment and coin mining accounted for most of the attacks.

They have published their findings in a recently published paper which sure makes for a great weekend read if you are an IoT obsessive.

Ensuring Safety of IoT Devices

Hackers have been around for as long as we’ve had computers. In spite of the ever-present threat of cyber-attack, we have, as a global unit, been remarkably successful in being able to construct a robust global internet infrastructure that manages to deliver the goods 99.9 % of the time.

This is no small part due to the work of ethical hackers such as the Florida based researchers who carry out some spectacular work that usually goes unsung. Although a lot is being done to ensure the safety and security of IoT devices, there are a few things we can personally do to go the extra mile.

These little things that we can ensure as a user, can go a long way in making sure our IoT devices are protected from cyber threats.

1. The default account or username of your IoT connected device needs to be long and complex. Use a random string of letters, symbols and numbers and make sure you don’t choose something memorable.
2. If possible, it is always advisable to set up separate accounts for IoT devices.
3. It’s most certainly wise to keep up with firmware or other security updates provided by the manufacturer.
4. Keep an eye out for any signs of strange activity or exploitation on your connected IoT device