The tremendous popularity of Internet-connected devices in the past few years has transformed the way we interact with the world, and the way we look at cyber-security. The game-changing potential of automation in every aspect of our lives has many times been overshadowed by news of record-breaking DDoS attacks, increasingly larger botnets of compromised devices, and other associated risks.
When we started working on Bitdefender BOX, the world’s first IoT security appliance, we saw this coming, and we made a mission out of keeping the smart home safe. In the last year alone, Bitdefender researchers have analyzed more than 1 million security incidents in smart homes that were reported via Bitdefender BOX.
Key findings in the smart home
The average smart home in the United States has 10 to 14 internet-connected “things”. The most common are routers (31%), NAS devices (25%) and smart TVs (9%). Virtual reality headsets and smart beds are still rare in users’ homes.
Our telemetry reveals that 78% of households harbor at least one vulnerable device, and the average household has two vulnerable devices connected. While the number might sound trivial, these vulnerabilities can have a devastating impact on users’ privacy. For instance, more than 70% of Bitdefender BOX users have been prompted that their devices were sending private information and credentials in an unsafe manner (usually via plain HTTP) without their knowledge. By default, Bitdefender BOX blocks transmission of sensitive information in clear text and notifies the user about this risky behavior.
Another interesting fact uncovered in the Bitdefender study is that 98 percent of reported incidents are caused by known and unfixed issues that are publicly documented. Basic authentication, default or weak passwords, or unknown vulnerabilities account for a combined 2 percent of the incidents.
Attackers can leverage these vulnerabilities in a variety of ways. Bitdefender BOX reveals that 37% of the flaws encountered can result in denial of service, while 12% can be used to exfiltrate information from the device. Almost 8 percent of the vulnerable devices in smart homes can be hijacked via code execution, according to the data provided by Bitdefender BOX.
In addition to combining threat intelligence from more than 500 million endpoints, Bitdefender operates a vast network of honeypot devices to stay up to date with the latest attacks against IoT infrastructure. These devices emulate vulnerable IoT gadgets and record the tactics or techniques hackers use to break into devices and enroll them into botnets.
Information aggregated from Bitdefender’s Deceptive Technologies reveals that automated attacks can compromise a vulnerable IoT device in less than 2 minutes on average. By using bruteforce or dictionary attacks, hackers can accelerate the time to compromise from minutes to seconds.
Bitdefender records and analyzes over 1.7 million live attacks across the IoT honeypot network every month.
Machine learning to the rescue
While vulnerability assessment and antimalware protection are fundamental technologies that shield devices and users from exposure, artificial intelligence plays a key role in spotting the tell-tale signs of misbehavior at the network level.
Because it’s familiar with the regular behavior of IoT devices, Bitdefender BOX can detect a wide range of anomalous behaviors. The most frequently encountered anomalies in devices that go rogue are related to the domains devices are attempting to contact (29.21%), outgoing ports (3.86%), bruteforce attacks (2.75%) and suspicious TOR activity (0.45%).
Making your home a safer place
Whether we want it or not, the Internet of things is here to stay. The existing multitude of connected objects might already look overwhelming to the average user, but it is just the bottom layer of an industry expected to reach US$4,300 billion by 2024.
The Internet of Things offers a wealth of opportunities for the smart home, provided that the security aspect has been taken into account. In 2015, Bitdefender has revolutionized IoT cybersecurity by developing Bitdefender Box, the industry’s first smart home security solution for all connected devices. The Bitdefender IoT Security Platform is also available for network operators and router manufacturers and is currently included in an increasingly large family of Netgear routers.