FBI explains why IoT devices are such a lucrative attack surface for criminals

The US Federal Bureau of Investigation (FBI) this week made a public service announcement informing owners of IoT products that hackers are leveraging these devices as proxies to fly under the radar as they go about their mischief.

“Cyber actors actively search for and compromise vulnerable Internet of Things (IoT) devices for use as proxies or intermediaries for Internet requests to route malicious traffic for cyber-attacks and computer network exploitation,” reads the notice. “IoT devices, sometimes referred to as ‘smart’ devices, are devices that communicate with the Internet to send or receive data.”

The Bureau lists a few examples of such devices, naming a fair number of gizmos found in almost every Internet-connected household, including routers, audio/video streaming devices and DVRs, as well as less ubiquitous (but still pervasive) products like Raspberry Pis, IP cameras, smart garage door openers and network-attached storage (NAS) devices.

The domestic intelligence service notes that IoT products make good proxy servers because they transmit all Internet requests through the victim device’s IP address, letting bad actors remain anonymous. The scheme is particularly lucrative in developed nations where business websites block traffic from suspicious or foreign IPs, while greenlighting domestic ones.

The Bureau has found that cyber actors use IoT proxies mostly to: send spam e-mails; obfuscate network traffic; mask Internet browsing; generate click-fraud activities; buy, sell, and trade illegal images and goods; conduct credential stuffing attacks; sell or lease IoT botnets to other cyber actors for financial gain; and overall maintain anonymity as they do all these things.

Criminals usually compromise IoT devices by taking advantage of weak authentication or obsolete firmware, or via brute force attacks on devices with default usernames and passwords, the FBI notes. If such an event occurs, the agency advises US residents to look for the following telltale signs:

  • A major spike in monthly Internet usage;
  • A larger-than-usual Internet bill;
  • Devices become slow or inoperable;
  • Unusual outgoing Domain Name Service queries and outgoing traffic; or,
  • Home or business Internet connections running slow.
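
The traffic-related signs in the list above can be checked against per-device flow records exported from a router or firewall. The Python below is an added example, not part of the FBI notice or the original article; the record format, device names, baselines and thresholds are assumptions, and the sample flows are constructed.

```python
from collections import defaultdict

# Constructed sample flow records: (device, dst_ip, dst_port, bytes_out).
# Addresses use documentation ranges; none of them come from the FBI notice.
FLOWS = (
    [("ip-camera", "203.0.113.10", 443, 40_000)] * 5                    # normal cloud check-ins
    + [("dvr", f"198.51.100.{i}", 25, 20_000) for i in range(1, 41)]    # SMTP fan-out
    + [("nas", f"192.0.2.{i}", 443, 3_000_000) for i in range(1, 61)]   # relayed web traffic
)

# Assumed per-device daily upload baseline in bytes (e.g. a trailing average).
BASELINE = {"ip-camera": 250_000, "dvr": 500_000, "nas": 20_000_000}

MAIL_PORTS = {25, 465, 587}   # an IoT device rarely has a reason to send mail directly
SPIKE_FACTOR = 5              # assumed threshold: upload >= 5x baseline
FANOUT_LIMIT = 30             # assumed threshold: distinct destinations per day


def flag_proxy_suspects(flows, baseline):
    """Return {device: [reasons]} for devices whose outbound traffic looks relayed."""
    sent = defaultdict(int)
    dests = defaultdict(set)
    mail = defaultdict(int)
    for device, dst_ip, dst_port, nbytes in flows:
        sent[device] += nbytes
        dests[device].add(dst_ip)
        if dst_port in MAIL_PORTS:
            mail[device] += 1

    findings = {}
    for device in sent:
        reasons = []
        base = baseline.get(device)
        if base is None:
            reasons.append("no baseline recorded")
        elif sent[device] >= SPIKE_FACTOR * base:
            reasons.append(f"upload spike: {sent[device]} bytes vs baseline {base}")
        if len(dests[device]) > FANOUT_LIMIT:
            reasons.append(f"fan-out: {len(dests[device])} distinct destinations")
        if mail[device]:
            reasons.append(f"outbound mail: {mail[device]} flows to SMTP ports")
        if reasons:
            findings[device] = reasons
    return findings


if __name__ == "__main__":
    for device, reasons in flag_proxy_suspects(FLOWS, BASELINE).items():
        print(device, "->", "; ".join(reasons))
```

A device flagged for more than one reason is the stronger candidate for a firmware update and credential reset; a single reason on its own can also come from a legitimate backup or software update.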

Finally, the Bureau instructs US citizens to regularly ensure devices’ firmware is updated, change default user names and passwords when they buy an IoT product, and use a dedicated security product.

In related news, the Pentagon has started restricting the use of wearables at sensitive bases or certain high-risk warzone areas as they can give away the user’s location.
