How to Avoid Having Your IoT Devices Enslaved in a Botnet

With all the hoopla surrounding various forms of malware attacks like DDoS attacks, spear phishing, ransomware, rootkits, worms, viruses, and much, MUCH more, it might surprise you to know that while the good guys are busy guarding the front door against all manner of hackers, the back door is standing unprotected and wide open for anyone who wants to use it. We’re talking about the Internet of Things (IoT), primarily CCTV and webcams, which offer an incredible amount of unprotected, connected, high-speed bandwidth ripe for the taking to any hacker with the motive and the necessary motivation to create a botnet. If you’re interested in learning how to keep your IoT devices from getting caught up in one of these nasties (and you should be), keep reading.

Rise of the Machines

Our homes have grown smarter over the the past decade: security systems with cameras and sensors, smart refrigerators that tell us when we’re out of milk, electronic personal assistants to adjust the temperature in the house, or light bulbs that dim themselves are just a few examples. Somewhere along the way, however, we missed the reality that these are not just appliances but also high-functioning computers with high-speed internet connection, and they have almost no security features to protect them from hackers.

A Delaware jewelry store found this out the hard way when their website was swarmed with a DDoS attack. Nothing new there. These kinds of cyber shenanigans are commonplace. Bad guys pound a server with a non-ending series of simultaneous requests until the web host is overwhelmed and the website becomes nonfunctional. What was different about this case was that rather than using traditional computers to carry out the attack, these hackers linked together 25,000 closed-circuit security cameras operating on a high-bandwidth internet connection from around the world into a botnet and targeted the jewelry store.

Hackers Love the IoT

As to why hackers have shown a sudden preference for using smart appliances to do their dirty work, it’s a lot easier. While desktop and laptop computers and smart devices like tablets and phones have every form of antivirus and anti-malware already on board, IoT devices are relatively unprotected. Once again, it’s a case of the bad guys following the path of least resistance. It’s sort of amazing that the industry has suffered from this blind spot for so long, especially when you consider that a smart appliance is actually a pretty sophisticated piece of equipment, analogous to having a bunch of stray, unprotected computers sitting around your house.

As mentioned, internet accessible cameras like those in a security system or even the webcam on your laptop are hacker favorites in a majority of botnet cases. The obvious question becomes why aren’t these IoT devices better protected? The just as obvious answer is that it’s because they weren’t built that way. Design constraints have prevented the installation of firewalls, antivirus, or anti-malware software. In short, traditional security approaches don’t work and, until recently, the industry has stuck its collective head into the sand.

Fighting the Botnet

Now that you’re properly fearful of hackers enslaving your IoT devices for their own nefarious ends, let’s come down off the ledge and talk about what you can do. Bleak as the picture may look, you’re not defenseless.

#1. Register for Updates: While it’s true that IoT device manufacturers have been slow to respond in the area of updates, it’s picking up speed. Get proactive in finding and applying updates.

#2. Check Vulnerabilities: Google the name of your appliance and the word “vulnerabilities.” If something scary comes up, consider getting a different, safer appliance.

#3. Engage Security Settings: Too many people presume that since their IoT device carries little sensitive data, there’s no need to engage the security settings it does have. Wrong! Change the default username and password and turn off the features you don’t use. Remote access, while handy, can be an invitation to bad guys to have a party on your network.

#4.Secure Outbound Traffic: Run all outbound traffic through a VPN and lock that sucker down with all the security bells and whistles you can find.

The Bottom Line

The good news is that the IoT industry is starting to wake up and realize they have a problem. The bad news is that you’re going to sort of be on your own until manufacturers have had time to incorporate more robust security into their products. The specific steps mentioned above are a good start, but you need to change your mindset as well. Think like a criminal and then plug the holes they would use.