More reasons to avoid the "Internet of Things"

"TheRealBicycleBuck" (therealbicyclebuck) 10/04/2016 at 16:07 • Filed to: None

3

16

The internet of things (IoT) is a goofy name for all of the devices that connect to the internet to provide some additional function. Think of things like routers, IP cameras, thermostats, refrigerators, etc. There is malware out there that connects to unprotected devices and uses them to form a botnet which can then be put to nefarious use like a DDOS attack.

Someone just released the source code for one of these botnets, opening the door for more hackers to build variations of the original. From the !!!error: Indecipherable SUB-paragraph formatting!!! :

“The malware, dubbed “ Mirai ,” spreads to vulnerable devices by continuously scanning the Internet for IoT systems protected by factory default or hard-coded usernames and passwords.”

“Sources tell KrebsOnSecurity that Mirai is one of at least two malware families that are currently being used to quickly assemble very large IoT-based DDoS armies. The other dominant strain of IoT malware, dubbed “ Bashlight ,” functions similarly to Mirai in that it also infects systems via default usernames and passwords on IoT devices.”

“Infected systems can be cleaned up by simply rebooting them — thus wiping the malicious code from memory. But experts say there is so much constant scanning going on for vulnerable systems that vulnerable IoT devices can be re-infected within minutes of a reboot . Only changing the default password protects them from rapidly being reinfected on reboot.”

“On the not-so-cheerful side, there are plenty of new, default-insecure IoT devices being plugged into the Internet each day. Gartner Inc.   !!!error: Indecipherable SUB-paragraph formatting!!! that 6.4 billion connected things will be in use worldwide in 2016, up 30 percent from 2015, and will reach 20.8 billion by 2020. In 2016, 5.5 million new things will get connected each day, Gartner estimates.”

Keeping all of your internet-connected devices behind a good router will help prevent malware. Always use protection!

Tekamul > TheRealBicycleBuck 10/04/2016 at 16:16

3

IoT is just marketing speak for the early stages of the third wave of computing.

Eventually, the majority of physical objects you interact with will be networked, either locally or globally. It will be common design practice as data collection and analysis becomes fully pervasive, and maintenance becomes fully preventative rather than reactive. Security faults will be a constant concern. Most of what you see now is a result of companies with half-assed implementation. After enough of them get burnt, procedures will improve.

CB > TheRealBicycleBuck 10/04/2016 at 16:17

3

There’s a reason why I’m so concerned about drive-by-wire controls and vehicle to vehicle communication. It’s a little alarmist, but I think it’s relatively valid considering the fact that automotive tech security is so lacklustre.

Think about a car having a virus. Just a little bit of code with a timer on it that’ll tell the car to turn left and apply some gas when the time runs out, maybe spoofing an accident or a stopped car in front. Maybe it only affects one model or one make. Anyway, that car is now a carrier. It drives, let’s say, twenty kilometres to get to work. During that time, it’s talking to other cars, and possibly sharing the virus among other updates about road and traffic conditions. Each of those cars is now a carrier, which in turn spreads the virus to even more cars. Eventually, timer runs out, car turns left and hits the gas. Boom, accident. And depending on where a person lives and the route they drive,

It’s pretty damn simplified, but vehicle to vehicle communication possibly has the potential to be incredibly dangerous if we’re not careful.

Blunion05 drives a pink S2000 (USER WAS BANNED FOR THIS POST) > Tekamul 10/04/2016 at 16:26

1

Pretty much this. Companies producing appliances that are part of the IoT wave just don’t care about security yet. Just look at the auto manufacturers. They got burned here and there and are having to take steps to prevent these things from happening, although very reluctantly because of the costs that come with implementing security (which is why companies don’t want to do the security thing in the first place). Once there is better regulation and accountability these things will improve.

TheRealBicycleBuck > CB 10/04/2016 at 16:28

3

I’m right there with you. It’s still hard to believe that people are willing to build integrated systems into rolling machinery, then connect those systems to the passenger’s devices, other rolling machinery, and the internet. At the very least, the command/control systems should be isolated from the entertainment systems.

Tekamul > CB 10/04/2016 at 16:31

2

Piercing the veil between local and global networks seems like such a terrible idea, because makers will never safeguard their technology 100%.

The scenario you spelled out is pretty easy to see happening once drive-by-wire and peer-to-peer communication reach an adoption threshold.

Mercedes Streeter > TheRealBicycleBuck 10/04/2016 at 16:34

0

Jeebus...I can only imagine what would happen if someone learned how to hack an Internet connected car or house door lock? :O

Rust and Dust - Oppositelock Forever > TheRealBicycleBuck 10/04/2016 at 16:34

0

Read a bit about this attack last week before they’d figured out exactly how it was executed. I can’t remember the exact numbers, but it doubled the amount of traffic/data used in the next largest attack. Frightening to think it was home light bulb controllers and other innocuous appliances.

CB > Tekamul 10/04/2016 at 16:36

1

Bingo. The worst thing is that with how mobile cars are, a virus could spread pretty damn quickly, and it might take a while for people to realize that something is going on. And think about how few people get recall work done to their vehicles. How many people do you think would go to the dealer just for a software update? Meanwhile, over the air software updates also sound like they could be problematic.

Really, I’m cool without a connected car. No 4G or LTE, doesn’t need to talk to others, just a car on its own. At least that way I know that someone would need to physically access my vehicle to cause that kind of problem.

TheTurbochargedSquirrel > TheRealBicycleBuck 10/04/2016 at 16:36

0

The issue is not IoT devices. The issue is that people hook devices up to the internet with 0 security. Nobody remembers the security when they connect a device to the net.

deekster_caddy > Tekamul 10/04/2016 at 16:48

0

Just wait until some hacker figures out the programmers back door login to some of these things. Because you know there is one... then even changing the default password won’t help you!

TheRealBicycleBuck > TheTurbochargedSquirrel 10/04/2016 at 17:26

0

There are two layers of security, the device and the network. Unfortunately, both can fail.

TheTurbochargedSquirrel > TheRealBicycleBuck 10/04/2016 at 17:57

0

These IoT devices are so bad that if you have the IP you can basically do whatever you want with them.

DC3 LS, will be perpetually replacing cars until the end of time > TheTurbochargedSquirrel 10/04/2016 at 19:42

0

Does that mean hackers will be like the guy in watch dogs?

If so I need to learn hacking so I can Jason Bourne some MFs

Tapas > TheRealBicycleBuck 10/05/2016 at 07:40

1

I just have an icky feeling when my computers know everything about me, like auto fill data or restaurants I like or stuff like that.

I can’t willingly buy in to a router that knows my mother’s maiden name, a fridge that follows me on twitter or amazon echo/google’s new yell-at-me tube who knows what my orgasms sound like.

TheRealBicycleBuck > Tapas 10/05/2016 at 08:56

0

To avoid feeling icky, I think you will need to move. Buy a bunch of survival gear, throw away all of your devices, and move to a quiet cabin in the woods. Unfortunately, the paper trail from all of the purchases will follow you and your mailbox will be stuffed with offers to replace all of your old devices and upgrade your gear to the latest model that has been certified zombie resistant.

Tapas > TheRealBicycleBuck 10/05/2016 at 10:52

0

I’ll just need to make a bunch of clones so they don’t know which one of us is really into cars.