What You Need to Know About IoT Botnets

Stream Technologies Blog



Published: Wed 14 June 2017 | by Alan Tait

"Anything that can be connected will be connected. Anything that can be connected will be connected. Anything that can be connected will be connected", so goes the mantra of IoT acolytes from Bangor to Bangalore. The promise of ubiquitous connectivity is as daunting as it is exciting. On the one hand, there's the prospect that your fridge could automatically order groceries for you when you're running low, but on the other hand, there's the threat that a teenage hacker could be spying on you via an unsecured IP camera in your living room. In this post, I'll examine some of the threats that jeopardise online security and provide you with some quick and easy tips to help you stay protected online.

Market Proliferation and Consumer Vulnerability

As hype surrounding the scale of the IoT market builds, manufacturers are rushing to cash in by producing affordable, "IoT Ready" devices targeted at consumers. The uncomfortable truth is that security best practice is often forgotten as manufacturers push to deliver their products ahead of the competition. This can leave consumers vulnerable to cyberattacks from malicious parties.

From the perspective of a consumer, it should be as simple as possible to connect their device. To satisfy this requirement, some manufacturers have taken the step of hardcoding their devices' default passwords. In some cases, the default password is generic across all the devices, with certain devices using the credentials admin/admin. Although this makes it easy to set up devices, it also makes them worryingly easy to hack.

Gartner, a leading technology industry analyst firm, recently suggested that there may be as many as 20.8 billion IoT units installed by 2020. These range from everyday objects like smart TVs and light switches to critical infrastructure such as cardiac implant monitors. If even a fraction of these devices is susceptible to cyberattack, it could result in a security breach on an unprecedented scale. Recent cyberattacks, such as the Dyn cyberattack and Mirai malware, have demonstrated that botnets pose a particularly acute threat to online security.

What Is a Botnet?

A botnet is a network of internet-connected devices, such as PCs, smartphones or IoT devices, whose security has been breached and which are under the control of a third party. Each compromised device is referred to as a "bot". The party in control of the botnet can control the activities of the compromised devices. Typically, botnets are used to perform activities such as DDoS attacks, spamming, traffic sniffing or keystroke logging. These activities enable attackers to cause a great deal of harm to individuals and organisations on the internet. They can be used to support criminal activities, such as mass identity theft, or to spread ransomware. For example, the recent Dyn cyberattack, which caused significant disruption to several high-profile internet services, was accomplished using an IoT botnet.

Why Are IoT Devices Vulnerable to Botnets?

There are several factors which make IoT devices vulnerable to being subsumed into botnets. Predominantly, these centre on factors such as devices having limited support for consuming software updates, the use of insecure passwords and the user having a lack of visibility of the device's behaviour. For example, if a botnet is targeting a PC, the system may only be vulnerable if it is using a specific operating system. Even if the PC has been successfully targeted, the issue can be resolved if the user downloads a security update or removes the offending programme. However, with an IoT device, there are far fewer variables to consider and far less scope for user intervention.

Most consumer IoT devices have very limited support for software updates, and they often share a common operating system and software stack. This can cause problems when the software in use has known security vulnerabilities. The use of insecure passwords, particularly insecure default passwords, exacerbates this issue as it allows malicious parties to use automated scanning tools to identify suitable targets. In addition, consumer IoT devices are typically headless, which means that they operate without a screen or monitor. This means that end users have very little visibility of the device's behaviour and will rarely notice when it isn't behaving as expected. As the number of these devices grows, the chances of the end user having the technical skills to identify and protect themselves from these threats reduce.
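Because a headless device gives its owner nothing to look at, the network is the practical place to notice misbehaviour. The following is an added example, not part of the original post: it reads a constructed flow log and reports, per device, any destination that is not on a hypothetical per-device allow-list, and any port on which the device reached many distinct hosts. The device names, log format, addresses and threshold are all assumptions.

```python
from collections import defaultdict

# Hypothetical per-device allow-list: the only (destination, port) pairs each
# device is expected to contact. Addresses come from documentation ranges.
ALLOWED = {
    "camera-1": {("203.0.113.10", 443)},
    "thermostat-1": {("203.0.113.20", 8883)},
}

# Constructed flow log, one "timestamp device dst_ip dst_port" record per line.
SAMPLE_LOG = "\n".join(
    ["2017-06-14T10:00:00 camera-1 203.0.113.10 443",
     "2017-06-14T10:00:05 thermostat-1 203.0.113.20 8883",
     "2017-06-14T10:00:09 thermostat-1 192.0.2.99 80",
     "malformed line"]
    + [f"2017-06-14T10:01:{i:02d} camera-1 198.51.100.{i} 23" for i in range(1, 7)]
)


def parse_flows(text):
    """Yield (device, dst_ip, dst_port) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3].isdigit():
            yield parts[1], parts[2], int(parts[3])


def find_anomalies(flows, allowed, fanout_threshold=5):
    """Report, per device, destinations off its allow-list and any port on
    which it reached at least `fanout_threshold` distinct unexpected hosts."""
    unexpected = defaultdict(set)
    hosts_by_port = defaultdict(lambda: defaultdict(set))
    for device, dst, port in flows:
        # Devices missing from the allow-list have no permitted destinations.
        if (dst, port) not in allowed.get(device, set()):
            unexpected[device].add((dst, port))
            hosts_by_port[device][port].add(dst)
    report = {}
    for device, dests in unexpected.items():
        fanout = {p: len(h) for p, h in hosts_by_port[device].items()
                  if len(h) >= fanout_threshold}
        report[device] = {"unexpected": sorted(dests), "fanout": fanout}
    return report


if __name__ == "__main__":
    for device, finding in find_anomalies(parse_flows(SAMPLE_LOG), ALLOWED).items():
        print(device, finding)
```

A single off-list destination may be a misconfiguration or a vendor change, while one device reaching many hosts on the same port is the pattern worth investigating first.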

Quick and Easy Tips

So, what can you do to reduce the risk of your IoT devices being subsumed into an IoT botnet? Here are a few quick and easy measures you can take to stay protected online:

  1. Change all default passwords to something unique and relatively complex. Use a password manager if you're having problems keeping track of all your passwords.
  2. Do not allow unrestricted access to any device on a public IP network without any filtering. If in doubt, use a VPN.
  3. Do not forward all ports to a device.
  4. If possible, change the default ports used by the device.
  5. Keep all devices as up to date as possible.
  6. Only allow outbound traffic to known places.
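The six tips can be turned into a repeatable check over a home or small-office inventory. The following is an added example, not part of the original post: the inventory structure, field names and device entries are constructed for illustration, and the only default credential pair it knows is the admin/admin pair mentioned earlier in the post.

```python
# Constructed inventory; every device name, field name and value is hypothetical.
DEVICES = [
    {"name": "ip-camera", "user": "admin", "password": "admin",
     "firmware": "1.0.2", "latest_firmware": "1.0.9", "default_port": 8080,
     "forwards": [{"ext_ports": (1, 65535), "source": "any"}],
     "outbound": "allow-all"},
    {"name": "thermostat", "user": "home", "password": "kV9#tq-72LmZ!x",
     "firmware": "3.1", "latest_firmware": "3.1", "default_port": 8883,
     "forwards": [], "outbound": "allow-list"},
]
DEFAULT_CREDENTIALS = {("admin", "admin")}  # the pair named in the post


def audit_device(dev, seen_passwords):
    """Return the post's tip numbers (1-6) that this device violates."""
    failed = set()
    if ((dev["user"], dev["password"]) in DEFAULT_CREDENTIALS
            or dev["password"] in seen_passwords):
        failed.add(1)  # default password, or one reused from another device
    for fwd in dev["forwards"]:
        low, high = fwd["ext_ports"]
        if fwd["source"] == "any":
            failed.add(2)  # reachable from any address, no filtering
        if (low, high) == (1, 65535):
            failed.add(3)  # every port forwarded to the device
        if low <= dev["default_port"] <= high:
            failed.add(4)  # still exposed on the factory default port
    if dev["firmware"] != dev["latest_firmware"]:
        failed.add(5)  # update available but not installed
    if dev["outbound"] != "allow-list":
        failed.add(6)  # outbound traffic not limited to known places
    return sorted(failed)


def audit(devices):
    """Audit every device, tracking passwords to detect reuse across devices."""
    seen, results = set(), {}
    for dev in devices:
        results[dev["name"]] = audit_device(dev, seen)
        seen.add(dev["password"])
    return results


if __name__ == "__main__":
    for name, failed in audit(DEVICES).items():
        print(name, "fails tips:", failed or "none")
```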

