Hackers Prey on the Vulnerable

Ionut ILASCU

November 06, 2018

Risks to the security of Internet-of-Things devices will persist as long as consumers and manufacturers ignore baseline defenses. There are numerous reports in the media about smart gadgets falling under control of cybercriminals who use them to build an infrastructure that serves their purposes.

Because of their ubiquity, home routers are a common target of hackers, as are digital surveillance equipment (IP cameras, DVRs, NVRs) and network-attached storage (NAS) systems. Hackers can try multiple methods to hijack a device available online. Here’s a list of the most common ones, which have made some waves in the media and the security industry:

* Default login credentials

– Many users leave their connected devices set to factory defaults. The infamous Mirai botnet capitalized on this mistake to build its DDoS cannon of hundreds of thousands of smart devices.

– Accessing and managing a system remotely is possible via a telnet connection. Although it is considered unsafe because of the lack of data encryption, it is often enabled from the factory. The Hide and Seek botnet propagates to other gadgets via this service.

– An SSH (Secure Shell) connection achieves the same goal as telnet, but all data flows through an encrypted tunnel.

* Exploiting publicly known vulnerabilities

– Cybercriminals have diversified their attacks against IoT products and hijack them using exploits for known vulnerabilities. A streamlined firmware update process is far from an IoT strength, so many devices run vulnerable software. The Satori and Reaper botnets profited from this to compromise tens of thousands of gadgets.

* Management protocols

– Some management services, like UPnP, have been abused to strengthen a botnet, while others (SNMP, HNAP, SSDP, CWMP) are known for exposing the network.

* Backdoor accounts

– Some devices may have hidden accounts with hardcoded credentials, accessible via telnet or SSH; as soon as the word is out, the details can be used to infect those systems.

Mitigating these risks does not require an expert. You can set up efficient defenses against most types of attacks, and there isn’t much to it, either:

– set your own username and password for web interface access

– disable any service that gives access to the device from the web (telnet, SSH)

– do not expose the UPnP service online, and, unless absolutely necessary, turn it off for the local network, too.

– keep your devices updated with the latest firmware version from the vendor
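
A self-check for the list above, as an added example that is not part of the original article: it tests a device you own for the remote-access and UPnP services the article says to turn off. The port numbers are the services' standard defaults and the gateway address 192.168.1.1 is an assumption; adjust both for your equipment.

```python
import socket
import sys

# Services the article names, keyed by their standard TCP port
# (assumed defaults; a vendor may use other ports).
TCP_SERVICES = {
    23: ("telnet", "disable it: no encryption, often enabled from the factory"),
    22: ("ssh", "disable it if you do not manage the device this way"),
    7547: ("cwmp", "management protocol listed as exposing the network"),
}
UPNP_ADVICE = "turn UPnP off unless absolutely necessary"

def tcp_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable or timed out
        return False

def ssdp_answers(host, port=1900, timeout=1.0):
    """Send one unicast SSDP M-SEARCH; True if the device replies 200 OK."""
    probe = (f"M-SEARCH * HTTP/1.1\r\nHOST: {host}:{port}\r\n"
             'MAN: "ssdp:discover"\r\nST: ssdp:all\r\n\r\n').encode()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(probe, (host, port))
            data, _ = s.recvfrom(2048)
        except OSError:  # no answer within the timeout, or port closed
            return False
    return data.startswith(b"HTTP/1.1 200")

def audit(host, tcp_services=TCP_SERVICES, ssdp_port=1900, timeout=1.0):
    """Return (service, port, advice) for every listed service that answers."""
    findings = []
    for port, (name, advice) in sorted(tcp_services.items()):
        if tcp_open(host, port, timeout):
            findings.append((name, port, advice))
    if ssdp_answers(host, ssdp_port, timeout):
        findings.append(("upnp/ssdp", ssdp_port, UPNP_ADVICE))
    return findings

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"  # assumed gateway
    for name, port, advice in audit(host):
        print(f"{host}:{port} {name} is reachable -> {advice}")
```

An empty result from inside the home network means none of these services answered on their default ports; running the same check from outside the network shows what is exposed online.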
