Microsoft officials said on Monday that they had located hackers working for the Russian government using printers, video decoders, and other IoT-related devices as a means to break into specific computer networks. Researchers at the Redmond giant discovered the attacks in April when a VoIP phone, office printer, and video decoder at various customer sites communicated with servers belonging to “Strontium”, a group of Russian government hackers known as “Fancy Bear” or “APT28”.
“These devices with IoT application development have become entry points where attackers have established a presence on the network and have continued to look for more ways to access,” Microsoft Threat Intelligence Center officials said in a statement. “After the hacker successfully established network access, a simple network scan allowed him to search for and discover other insecure devices and move around the network for more privileged accounts and to grant access to higher-value data.”
Last year, the FBI concluded that the hacking group was behind the infection of more than 500,000 routers in 54 countries. Nicknamed “VPNFilter”, the malware was known as the Swiss army hacking method. Advanced features included the ability to monitor, log, or modify the traffic that passes between network terminals, sites, or industrial control systems using Modbus serial communication protocol. The FBI, with the help of Cisco’s Talos security group involved in the IoT mobile app development, neutralized VPNFilter.
Microsoft has notified device manufacturers that they might consider adding new protections. Monday’s report also provided IP addresses and scripts that organizations can use to detect if they were also targeted or infected. In addition, the report reminded people that despite Strontium’s above-average hacking skills, an IoT device is usually all it takes to gain access to a segmented network. That is, others may try to do this.
“While a great part of the business centers around equipment embeds dangers, we can see from this model adversaries are glad to investigate easier design and security issues to accomplish their objectives,” the report noted. “These simple attacks taking advantage of poor device management tend to expand as more IoT devices are deployed in enterprise environments.”
IoT devices are no longer a niche market. The tendency to have all our devices interconnected, together with the cheaper manufacturing of these technologies, is driving their takeoff enormously. In addition, it is expected that soon this will go further with the implementation of the IPv6 address space and the deployment of 5G technologies in mobile networks.
They emerged from the convergence of microelectronic systems, and wireless and internet services offered by IoT companies, which resulted in a large network of everyday objects capable of communicating with each other, without the need for human intervention. From a refrigerator that can inform us remotely if it is losing cold, to a biochip implanted in our body notifying us about the level of blood glucose or heart rate, through the great fashion of wearables with their measurements on our daily physical activity.
The relevance of IoT technologies, as well as the advantages they offer in our daily lives, is a reality. However, they also have several drawbacks to consider. The information handled by these devices is increasingly sensitive or relevant, so keeping them safe is vitally important.
The growth of these devices also means, an increase in the number of new vulnerabilities that affect them.
Carrying out a correct security policy is a complicated task due to ignorance. This affects consumers, but more developers and manufacturers. Here at AppStudio, we always try to increase awareness among users and consumers and strive hard to make manufacturers and developers think about security as the most important aspect.
The great challenge of the next decade for IoT development services will be IoT security because it is estimated that by 2020, 38.5 billion devices will be connected to the network.
In North America, a cyber-attack is reported every 20 seconds,” said Shawn Kimbuli, director of the Global Research and Analysis Team at Kaspersky Lab.
Viruses, phishing, theft, or loss of data are the most common; they are aimed at companies, individuals, government organizations, or corporations.
Uber, for example, had to pay hackers US $ 100,000 to recover 57 million data, from drivers and users.
In 2015, the Grabit spying campaign was discovered. Business teams were infected; the information on your hard drive was stolen. “A chemical company whose name was not disclosed suffered patent theft through this system,” an expert told a national newspaper.
More is needed to establish protocols. IoT companies in Toronto must build trust and integrate habits to prevent and mitigate risks.
Table of Contents
- Top 10 vulnerabilities in IoT 2019
- Use of weak or embedded passwords
- Unsafe network services
- Insecure interfaces in the IoT ecosystem
- Lack of secure update mechanisms
- Use of insecure or outdated components
- Insufficient privacy protection
- Lack of security in storage and data transfer
- Inadequate device management
- Default insecure settings
- Lack of physical security
- How we can help?
Top 10 vulnerabilities in IoT 2019
Next, we will detail each of the vulnerabilities included in the last year’s list:
Use of weak or embedded passwords
The use of passwords that can be easily obtained through a brute force attack, which by default are the same for all devices or that are even public on the Internet, are vulnerabilities deeply rooted in IoT technologies due to their inheritance of control systems. This is one of the most serious vulnerabilities in the IoT scope, since it has already been exploited, on previous occasions, to carry out distributed denial of service attacks using a botnet formed by IoT devices that had a default password. The solution to this vulnerability is quite simple: use unique passwords between devices, associated with an account or an active directory service, so that the password is not embedded in the device.
Unsafe network services
Those unnecessary or insecure network services that run on background devices and are exposed to the Internet should be avoided. Successful exploitation of the vulnerabilities in such services could compromise the confidentiality, integrity, or availability of the data stored in the device or even allow remote access to it. The solution involves disabling those services that are not necessary.
Insecure interfaces in the IoT ecosystem
External tools to devices such as web interfaces, APIs in the backend, or cloud services can be configured in an insecure way, compromising the devices and other components managed through them. Adopting access control measures to these interfaces, filtering the inputs and outputs of the services, and ensuring communications by adding encryption algorithms are the most effective measures to alleviate the problem.
Lack of secure update mechanisms
This section includes the lack of validation mechanisms for firmware versions on devices, insecure transmission media, and the lack of mechanisms to avoid returning to previous versions. Therefore, lack of security and notification changes that are included after each update. In these cases, it is always recommended that the device be updated to check the integrity of the firmware and its origin before being installed to avoid modified versions of the firmware can be installed.
Use of insecure or outdated components
The use of insecure or obsolete software and hardware components may compromise the device. Most devices use third-party components and libraries, custom operating systems, as well as hardware components from different manufacturers. Therefore, it is important to ensure that these libraries are not obsolete or belong to a version with known vulnerabilities, as well as ensure that the hardware components do not come from a manufacturing process that has been compromised. See, as an example the problems, Intel is having lately with the different vulnerabilities in its processors such as Meltdown, Specter, or SPOILER.
Insufficient privacy protection
How user data stored on IoT devices and in its ecosystem is currently handled is insecure. It involves requesting permission. A solution to this problem maybe is to establish a policy for the manipulation of user data so that only what is strictly necessary can be accessed and always inform the client about what part of their information is accessed for each service.
Lack of security in storage and data transfer
It is necessary to use encryption algorithms when handling sensitive data. Access control must also be maintained within the IoT ecosystem. For example, in communications between the web interface of a home automation system and the devices that compose it.
Inadequate device management
It is necessary to carry out security controls on the production devices that include, among others, asset management and updates, system monitoring, dismantling policies, and secure deletion of the devices.
Default insecure settings
The default settings of the devices are usually insecure. Therefore, it is convenient to establish configurations focused on protecting the system, applying strict connections filtering policies, and permit management.
Lack of physical security
It includes the lack of controls on the physical access to the device since if an attacker obtains this access, the security measures implemented are useless. To avoid this, you must restrict physical access to the devices to authorized persons and implement additional security measures, such as camcorders or security guards.
How we can help?
Here at AppStudio, we maintain a list of top developers in different areas of the region which do help our readers to choose among the best. Additionally, We aim at raising awareness and educating the masses regarding information technology, gadgets, their uses, and risks. Our team appreciates and encourages readers to contact us for any query and always make an informed decision.
