Portnox CEO, Denny LeCompte, is a great blogger on IoT, security and cold drinks.
The Internet of Things is any device other than a computer that connects to the internet, and today, it includes everything from a Fitbit to a refrigerator.
Just like the internet, IoT devices are amazing tools to make our lives better, and as they make our lives easier, they open up opportunities to disrupt, annoy, and disrupt. back to us.
When you consider the applications of the Internet of Health Things, for example — doctors monitoring their patients’ vital signs in real time, or adjusting medications on the fly — a It’s easy to marvel at the wonders of our new creations. Then you go to fill up your car and you’re tormented by a message on the small scratched surface of the gas pump, and between the aspirations of taking the hammer, you wonder what the people who developed this new world plague.
It all started with a cold drink
Long before the internet was the cause and solution to all of the world’s problems, in the early 1980s a computer science professor at Carnegie Mellon discovered a vending machine that could connect to ARPANET . Tired of walking around to the machine from his office only to find it empty — or worse, only warm soda — he and a couple of students wrote a project to show the machine’s innards and the fact that the bottles are caught. where it takes a long time to get cold from the engine’s refrigerator. And so the first IoT device was born.
From this inauspicious beginning, a phenomenon was born. According to Statista, by 2022, there will be approximately 13.14 billion IoT devices connected to the internet, with predictions of 29.42 billion in 2030.
See: Price Basket: IoT Developer (TechRepublic Premium)
Lurking in the shadows
Along with the rise of IoT devices, there has also been an increase in cybercriminals using them as a means of attack. The appearance of the devices themselves makes them an attractive target: They are designed to be very easy to install, which means that the user can point them to the network without knowing anything.
This is common so there is a word for it: Shadow IoT. In an Infoblox survey, 80% of IT leaders found IoT devices on their networks that they were unaware of.
It doesn’t mean that the manufacturers are doing a good job in the easiest way to safety. Patches and firmware updates are slow to arrive, if at all. Most IoT devices do not have a mechanism to check and install regular updates. What’s worse, many devices come with standard administrator logins that don’t require you to change the password.
After all, it is not surprising that these devices are at the center of many data breaches.
Malicious potential, botnets and API calls
IoT devices are an attractive target to build botnets for a Distributed Denial-of-Service attack.
The Mirai malware was created for this purpose in 2016. It scanned the internet for IoT devices running on the ARC processor (1.5 billion devices as of 2014) and then tried a powerful attack and a database of common factory default indicators. Once logged in, the device continues to work – thus hiding the activity – but under control from a remote viewing server. It was mainly used to download the DYN DNS server, which affected Amazon, Github, HBO, Netflix, Reddit and many other popular sites on the internet.
In 2021, many users of Western Digital’s My Book Live will find that their storage units have been wiped, sometimes erasing years of data. The root is a function in the REST API that allowed the execution of remote commands. This feature was reported three years ago, but was shut down by Western Digital because the hardware was no longer supported.
Security cameras in some Tesla warehouses owned by a security startup called Verkada were also involved. I won’t use the word “hack,” because it’s too expensive for bad actors, because they’ve found the operator’s credentials online. This led to access not only to Tesla, but to other well-known companies and all video networks – including Equinox and Cloudflare.
Who is watching the guards?
Although these data breaches have been noticed by regulators and professional organizations, there may be changes in the law to prevent the benefit of the botnet or the next API.
Given the scope of these breaches, and the attractiveness of IoT devices as targets, should you run home and unlock every smart device you own? Not only that, but the most important thing here is that the onus of security rests on you as the end user.
Denny LeCompte is the CEO of Portnox.