One of the more unorthodox and interesting ways that hackers can perform a DDoS attack is through the backdoor of millions upon millions of improbable devices, from fridges to coffeepots. Using the fast-emerging Internet of Things (IoT), hackers can take control of vast amounts of hardware and use it to launch their attacks.

On many newly manufactured products, from smartphone-controlled thermostats, smart aquariums and GPS trackers on pets to other autonomous technology such as wind turbines and forest-fire detection sensors, there is a built-in provision for connection to the Internet. So much so that HTML protocols for all sorts of weird and wonderful things exist; even coffeepots!

The advantages of connectivity for the more banal items in our households are obvious and numerous – but so are the problems. The increasing standardization on the ARM architecture, present in most IoT-capable hardware, is removing one of the biggest barriers to a hacker: previously, nearly every device had its own bespoke operating system.

However, Sophie Davidson, writing at Smart Data Collective, warns that new IoT items are not just a target in themselves. The more dangerous possibility is that such devices are recruited into a botnet, which DDoS attackers accumulate for nefarious purposes. Because of the very nature of such devices, an infection in a long-forgotten sensor, for example, may persist for an extremely long time before the owner of the infected machine is aware that anything is wrong. Billions of these devices are already in use, and the growth in IoT devices is expected to be huge. The developers of DDoS tool-kits like Spike can potentially build up a botnet army comprising a number of zombies that massively dwarfs anything possible with PC-based botnets.

Some security measures are available to IoT administrators:

Access Control List (ACL)

If the manufacturer has not specified permissions, these need to be set as soon as possible. Extreme caution should be exercised as to who is allowed read/write permission.

SNORT

An open source program like Snort can be used against a layer-7 GET flood: it can block and alert on GET requests that match the Spike signature.
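The same rate-based detection of a layer-7 GET flood, written here as an added Python example rather than a Snort rule (this is not code from the original post). The access-log lines, the window size and the threshold are constructed assumptions and are not the Spike signature.

```python
"""Sliding-window detector for a layer-7 HTTP GET flood in access logs.

Assumptions: Common Log Format lines, arriving in time order per source;
window_s and max_gets are illustrative thresholds, not a Spike signature.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)')
TS_FMT = "%d/%b/%Y:%H:%M:%S"  # timezone offset is dropped before parsing


def parse_line(line):
    """Return (ip, timestamp, method, path) or None for an unparseable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts").split()[0], TS_FMT)
    return m.group("ip"), ts, m.group("method"), m.group("path")


def detect_get_flood(lines, window_s=10, max_gets=5):
    """Map each source IP to the timestamp at which it first exceeded
    max_gets GET requests inside any window_s-second sliding window."""
    recent = defaultdict(deque)  # per-source timestamps still inside the window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, method, _path = parsed
        if method != "GET":  # only GET requests count towards the flood
            continue
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:  # expire old entries
            q.popleft()
        if len(q) > max_gets and ip not in flagged:
            flagged[ip] = ts
    return flagged


# Constructed sample: one source sends 8 GETs in 8 seconds, a benign poller
# sends 3 GETs a minute apart, and a single POST is present to be ignored.
SAMPLE_LOG = [
    f'203.0.113.7 - - [01/Mar/2016:10:00:{s:02d} +0000] "GET /index.html HTTP/1.1" 200 512'
    for s in range(8)
] + [
    f'198.51.100.4 - - [01/Mar/2016:10:{m:02d}:00 +0000] "GET /status HTTP/1.1" 200 64'
    for m in range(3)
] + ['203.0.113.7 - - [01/Mar/2016:10:00:09 +0000] "POST /login HTTP/1.1" 302 0']

if __name__ == "__main__":
    for ip, when in detect_get_flood(SAMPLE_LOG).items():
        print(f"GET flood from {ip}, first breached at {when:%H:%M:%S}")
```

In production the same logic would run on a streaming log source and the threshold would be tuned against the device's normal request rate.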

System Hardening

Harden the system, for ARM-based devices and IoT hardware in general.

YARA Rule

This rule format identifies patterns inside files and allows that information to be shared.

Currently, IoT platforms as launching pads for a major DDoS attack are still some way off. Only a few attacks have been conducted so far, and most of these were relatively insignificant. However, as the IoT becomes more prevalent and, crucially, more standardized, more and more opportunities may present themselves as time goes on.

The security principles set forth in industry standard ISO/IEC 27002 provide a framework for effective security, built around the cycle of Plan, Do, Check, and Act (PDCA). Many good security products are on the market, but all are designed to meet specific threats – and will not block other threats. At GRT Corp. our security philosophy is built around these words by noted security expert Dr. Bruce Schneier: “Security is not a product, but a process.”
