UPDATED 14:05 EST / OCTOBER 27 2016

NEWS

Can your connected devices be hijacked? UK firm has a way to find out

In the wake of last week’s massive distributed denial of service (DDoS) attack on the domain name server hosting provider Dynamic Network Services Inc. that brought down some of the internet’s largest websites, I got an email from London-based Bullguard Ltd. informing me of the BullGuard IoT Scanner, a free tool that enables consumers to check whether their connected devices are secure. Consumers have scanned more than 100,000 unique IP addresses with the service, and just under 5 percent have failed the vulnerability test.

After first verifying that my Wi-Fi thermostats weren’t involved in bringing down Twitter, I asked a few questions of Bullguard CEO Paul Lipman (below right). Here’s an edited version of our email interview.

Paul Lipman, CEO, BullGuard Ltd.How does the IoT Scanner work?

It scans your public IP address and identifies the communications channels that are opened by your devices connected in that network, such as port 7547. It also determines if other devices, such as smart TVs and media players, are opening channels. An open, publicly accessible port is an easy entry point for hackers.

How confident should users be in the results of your scan?

Very confident. The BullGuard IoT scanner scans for open ports in the same way that a hacker would. What we find is what they would find.

How do you think the attackers managed to hijack so many devices and deploy them for single event last Friday? Does this require a great deal of technical skill or are there tools that make it easy?

The Mirai malware that was used in the attack is part of a family of malware that infects IoT devices through default usernames and passwords. Mirai propagates by hitting Telnet servers with a list of 62 insecure default passwords, which are embedded into its code and which are used by some popular IoT devices, such as Dahua Technology Co., Ltd. video surveillance products and Xiongmai Technology Co. components. Once inside an IoT device, Mirai attempts to kill and block anything running on several ports, locking out users from their own devices and preventing infection by other malware.

Your press release said this could be the tip of the iceberg. Why?

The Mirai source code is out there for anybody to use and build upon. Dyn estimated that the attack involved 100,000 compromised devices. That’s only a fraction of the number of IoT devices currently out there, and a microdot compared to predictions of 50 billion IoT devices by 2020. Imagine the damage that could be done if a well-resourced hacker group exploited insecure devices at these volumes.

Are there any patterns evident among the 4.6 percent of devices that you have found to be vulnerable?

At this stage, IoT devices from Dahua and those that contain software from XiongMai have been identified. However, the fact that 62 default user names and passwords have been embedded into the Mirai code suggests that devices from other manufacturers are also being targeted.

What steps can consumers and businesses take to guard against hijacks?

Follow basic security hygiene practices, such as changing the default user name and password for all your devices.

Why aren’t device manufacturers solving this problem more aggressively?

The IoT market is a low-margin, high-volume business. Securing products that have already been sold is not a top priority for many manufacturers.

They could provide some basic help by, for example, disabling the device until the user changes the default password. They could also adopt a raft of best practices such as automatic device updating, patching, strong encryption, eliminating back doors and conducting device security assessments.

However, this undermines the low-margin, high-volume business model. Also, most IoT devices run systems on chips that aren’t powerful enough to facilitate things like robust encryption and remote patching.

So more powerful processors are required, but that means more power, bigger and more expensive batteries and greater bulk and weight. R&D and manufacturing costs would have to go up. The cost of devices would be higher and the business model would again be undermined.

We recently acquired Dojo-Labs Inc. to throw a security net around the home network and detect behavior in IoT devices that indicate malware or hacking. Dojo’s technology keeps devices from being incorporated into IoT botnets and closes potential security vulnerabilities in devices on home networks. But when it comes to industrial and national infrastructure IoT, governments may need to step in to assist.

Level 3 live outage map via DownDetector.com

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU