On August 02, 2018, the FBI sent out an alert about potential security flaws in Internet of Things (IoT) devices. According to the alert, IoT devices, including satellite antenna equipment, routers and even things like smart garage door openers are being targeted by cyber criminals.
Hackers Want To Exploit IoT Device Vulnerabilities
Cyber criminals are looking for ways to exploit the connection from the devices as a gateway for hacking and other cyber attacks while remaining anonymous. Unsecured smart devices are especially sought after by foreign hackers who can hijack the device to hide the location they’re attacking from and even mask the fact that an attack is really happening.
"Devices in developed nations are particularly attractive targets because they allow access to many business websites that block traffic from suspicious or foreign IP addresses. Cyber actors use the compromised device's IP address to engage in intrusion activities, making it difficult to filter regular traffic from malicious traffic," said the FBI.
Why Such Poor Security?
Many IoT devices are made with poor security, because who would’ve thought your electric toothbrush needed such a thing? Often the security on these kinds of devices, if they have any at all, consist of default usernames and passwords, making the devices extremely easy to hack.
What Cyber Criminals Can Do
According to the FBI, compromised IoT devices can be used by cyber criminals to perform malicious acts including sending spam emails, hiding network traffic, generating click-fraud activities, buying and selling illegal images and goods, conducting credential stuffing attacks, selling IoT botnets for other cyber criminals’ gain, etc.
How To Avoid Attacks
To avoid abuse from attackers, the FBI recommends rebooting smart products regularly since “most malware is stored in memory and removed upon a device reboot,” changing default usernames and passwords, and updating the software of the device to ensure patches on vulnerability are applied.
In the alert, the FBI provided a link to US-CERT security tips on how to better secure IOT devices.
A Global Concern
As the Internet of Things continues to grow and provide countless benefits to consumers, businesses and governments, the issue of cyber security in the IoT also grows, and the US isn’t the only government who has noticed. The government of the UK is pushing for more security rules on both the side of the consumer and the manufacturers. The European Union’s cybersecurity agency, ENISA, is also working on legislation around securing The IoT in the private and public sector.