There has long been concern about the issue of insecure IoT devices, and the ability of malicious parties to hijack them to carry out cyber attacks. The October 22nd Mirai cyber attack on the Internet traffic management company, DYN, was a wake-up call for the industry. It disrupted Internet service in many areas of North America for several hours, affecting millions of users. However, it’s only a taste of what could happen in the future as IoT devices proliferate.
All about password and device management
The key issue is a known and unfortunately commonplace problem: improper password management. But it isn't simply user negligence, as is usually the case. The compromised IP cameras and digital video recorders (DVRs) allowed users to change the default usernames and passwords. However, there was an administrative backdoor that allowed the Mirai malware to use Telnet or SSH to bypass the user account and take over the root level of the devices. The admin-level password was hardcoded into the firmware and beyond user control.
This attack highlights the need for more robust security standards in the industry at large. Before devices can connect to the Internet, they should meet minimum standards for security, which these affected devices clearly did not. For service providers, it argues for a network-based IoT security solution.
Nokia's Threat Intelligence Lab: Spike in telnet failed login attempts that coincided with Mirai botnet attacks in October
Don’t wait for the next attack to act
The Nokia IoT security solution is embedded in the service provider network, where it continuously monitors the network and detects malicious traffic coming from IoT and other devices. While some malware can evade client-based anti-virus protection, it cannot modify the network communication patterns that our network-based endpoint security monitors. The solution analyzes all infections and their impact on customers and the network to enable the right countermeasures within the shortest possible time.
From a mitigation perspective, early detection of malware like Mirai based on network traffic would allow infected IoT devices to be throttled. They would thus be blocked from communicating with the command and control IP or remotely updated with security patches, making it far more difficult to use these devices to launch DDoS attacks.
The next step would be to secure the hijacked IoT devices themselves, because the security problems reside in their firmware.
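As an added illustration of detection based on network traffic (not Nokia's product logic and not code from the original post), the Python example below flags devices whose Telnet connection attempts fan out to many distinct destinations within a short window, the pattern behind spikes like the one charted above. The flow-record format, the 60-second window and the threshold of 20 are assumptions, and the sample flows are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

TELNET_PORTS = {23, 2323}        # Telnet plus the alternate port Mirai is known to probe
WINDOW = timedelta(seconds=60)   # assumed sliding window
MAX_DISTINCT_DSTS = 20           # assumed threshold; tune against a network baseline

def build_sample_flows():
    """Constructed flow records in an assumed format: 'timestamp src dst dport'."""
    t0 = datetime(2016, 10, 1, 12, 0, 0)
    rec = lambda s, src, dst, port: f"{(t0 + timedelta(seconds=s)).isoformat()} {src} {dst} {port}"
    flows = []
    # Camera sweeping 40 different hosts on Telnet ports within 40 seconds
    flows += [rec(i, "10.0.0.5", f"198.51.100.{i + 1}", 2323 if i % 10 == 0 else 23)
              for i in range(40)]
    # Admin workstation: repeated Telnet sessions to a single router
    flows += [rec(i * 5, "10.0.0.9", "192.0.2.1", 23) for i in range(5)]
    # Device reaching 30 hosts, but only one every 10 minutes
    flows += [rec(i * 600, "10.0.0.8", f"203.0.113.{i + 1}", 23) for i in range(30)]
    # Ordinary HTTPS traffic, ignored by the detector
    flows += [rec(i, "10.0.0.7", f"198.51.100.{i + 1}", 443) for i in range(40)]
    return flows

def telnet_fanout_suspects(lines, window=WINDOW, limit=MAX_DISTINCT_DSTS):
    """Return {src: peak distinct Telnet destinations in any window} for sources above limit."""
    events = defaultdict(list)
    for line in lines:
        ts, src, dst, dport = line.split()
        if int(dport) in TELNET_PORTS:
            events[src].append((datetime.fromisoformat(ts), dst))
    suspects = {}
    for src, evs in events.items():
        evs.sort()
        start, peak = 0, 0
        in_window = defaultdict(int)          # dst -> flows currently inside the window
        for ts, dst in evs:
            in_window[dst] += 1
            while ts - evs[start][0] > window:    # evict flows older than the window
                old = evs[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak > limit:
            suspects[src] = peak              # candidate for throttling or patching
    return suspects

if __name__ == "__main__":
    print(telnet_fanout_suspects(build_sample_flows()))
```

Counting distinct destinations rather than raw connections keeps a workstation that repeatedly logs in to one router from being flagged alongside a scanning camera.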
- Authentication of device credentials
- Authorization/access control for all endpoints
- Secure, encrypted communications with digital signatures
- Ensuring and testing for data integrity
- Protecting data on the devices
- Applying security fixes remotely
In the mobile industry, SIM credentials have typically been used to ensure the security of the device’s connection, but other methods are also available, including certificate-based credentials for end-to-end encryption, securely-generated and regularly-changed passwords, and digital signatures.
IoT holds immense promise for improving our lives, but the technology has to mature. Part of IoT’s evolution will be adopting the same approaches to security that network operators currently use for other kinds of devices. Let’s not wait for the next attack to act.