IoT Devices Can Be Hacked in as Little as Three Minutes

Exterminator

Level 85
Thread author
Verified
Top Poster
Well-known
Oct 23, 2012
12,527
Those apocalyptic Mr. Robot episodes are slowly becoming a reality as IoT devices are spreading not only in our homes but also across enterprise networks, providing access points into networks that often control critical services.

With 6.4 billion IoT devices already online, researchers estimate that over 20 billion IoT devices will be connected to the Internet by 2020.

That's why many security experts argue that now is the time to make sure that IoT security is taken seriously before it will be too late.

Of course, there are those that who think it's already too late, citing the massive DDoS attacks that have pummeled OVH, KrebsOnSecurity, and most recently Dyn, all carried out with a botnet of unsecured IoT devices.

But let's not carried away by the recent media hype. Hijacking IoT equipment for DDoS attacks is only one of the many ways attackers can use IoT devices against a target.
IoT devices are becoming Achille's heel of enterprise networks
As leading IoT security firm ForeScout explains, attackers can also use IoT equipment as pivot points in corporate networks, using them as entry points to breach sensitive servers and steal data undetected.

Employing the service of renowned hacker Samy Kamkar, ForeScout says that it generally takes an intruder under three minutes to hack an IoT device.

In most of these cases, the vulnerability resides in the continued use of default passwords for the device's management interface. Even if the device is not exposed to the Internet, sysadmins have to change the default.

In fact, one of the best security advice is to change the default password of any device, not necessarily IoT equipment.

Even after changing default logins, IoT devices should be safeguarded
While Kamkar says that some devices might take more than three minutes to break in, hackers eventually find a security flaw which they can expose, mainly due to a lack of regulation in the IoT field, where companies aren't penalized for failing to fix their software.

This is why companies are advised to place such devices behind technologies such as firewalls, intrusion detection systems, intrusion prevention systems, or network access control systems.

While some news sites might continue to insist that DDoS attacks are the main danger from unsecured IoT devices, the truth is that DDoS attacks are the best case scenario.

For more details on some of the ways hackers can exploit IoT security flaws, you should take a look at ForeScout's IoT Enterprise Security Risk report.

 
L

LabZero

What happened Friday, October 21, to sites such as Spotify, Twitter, Reddit, Netflix etc, is the result of a huge number of devices connected to the network. When a good part of these is not secure, as the new objects of the Internet of Things, the risk is that an attack of this kind could be repeated at other times and the consequences could be worse.
 
  • Like
Reactions: DardiM and frogboy

Myriad

Level 7
Verified
Well-known
May 22, 2016
349
Speaking as an electronics tech , I recommend a Brogan adjustment on any such devices .

The Brogan adjustment :-

Step[1] Take IoT device outside
Step[2] Remove one shoe
Step[3] Use heel to thrash the living daylights out of device
 
Last edited:
  • Like
Reactions: DardiM

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top