New IoT devices are being added in industry and home use. The big question that arises: what level of security do they have?, are we exposed to Hackers?
By Osvaldo Callegari*
The best way to secure the devices is to observe what the big companies do and what they recommend, this in the end is the start of a new business of those who are on the right side and those on the other. They feed back, a new security breach arises, it becomes necessary to employ a person who is responsible for investigating and solving the problem. The same back and forth as always.
Within the guidelines that appear on the table, we have the advice of Microsoft and other companies.
Recommendations to ensure IOT in the company
There are other steps an organization can take to protect its infrastructure and network from similar activities. Microsoft recommends the following actions to better secure and manage the risk associated with IoT devices:
• Require approval and cataloging of any IoT device operating in your corporate environment.
• Develop a custom security policy for each IoT device
• Avoid exposing IoT devices directly to the Internet or creating custom access controls to limit exposure.
• Use a separate network for IoT devices, if possible.
• Perform routine configuration/patch audits against deployed IoT devices.
• Define policies for isolation of IoT devices, preservation of device data, ability to keep records of device traffic, and capture images of devices for forensic investigation.
• Include IOT device configuration weaknesses or IoT-based intrusion scenarios as part of Red Team testing.
• Monitor the activity of IOT devices to detect abnormal behavior (for example, a printer browsing SharePoint sites...).
• Audit the identities and credentials that have authorized access to IOT devices, users and processes.
• Centralize asset management/configuration/patches if possible.
• If your devices are deployed/managed by a third party, include in your contracts explicit terms detailing security practices to be followed and audits that report on the health and safety status of all managed devices.
• Whenever possible, define the terms of service level agreements in IOT device vendor contracts that establish a mutually acceptable window for investigative response and forensic analysis to any commitments involving your product.
A dangerous virus
Among the viruses that swarm the market and attack IOT devices we can mention Mirai, a malware of the family of botnets intended to infect the computers forming the IOT:
• The main objective of this malware is the infection of routers and IP cameras, using these to perform Ddos-type attacks. The Mirai botnet has been used in some of the largest and most abrupt Ddos attacks in history, including the one on Brian Krebs' website, and on provider Dyn in October 2016.
• The operation of Mirai is known thanks to the publication of its source code in various hacking forums. This has allowed their techniques to be adapted to other projects.
Mirai continuously scans ioT-linked devices and infects them by accessing via telnet with the access credentials that come by default, loading its malicious code into the main memory of the device, in this way it is infected until it is restarted. Mirai includes a table of netmasks that it does not infect, including private networks and addresses belonging to the United States Postal Service, the Department of Defense, IANA, Hewlett-Packard and General Electric.
List of countries infected with Bot Mirai virus
| Country | % of BOT NET MIRAI infections |
| Viet Nam | 12.8% |
| Brazil | 11.8% |
| United States | 10.9% |
| China | 8.8% |
| Mexico | 8.4% |
| South Korea | 6.2% |
| Taiwan | 4.9% |
| Russia | 4.0% |
| Romania | 2.3% |
| Colombia |
1.5% |
Beta Scan Tools (tested)
Kaspersky IoT Scanner: find and patch: to make it easier for users to find vulnerabilities in smart devices connected to the home network, we have created a specialized application: Kaspersky IOT Scanner*.
The Android app scans your home network, lists connected devices, and points out common vulnerabilities. After installation, IOT Scanner scans your home network and locates all the devices connected to it. The app then analyzes the specific Ports of those devices and detects which are open and which are closed.
If IOT Scanner detects open ports that are potentially dangerous, it will notify the user to close them and patch the hole.
Figure 1.
However, there are two challenges. First of all, the IoT market is extremely varied and creating a step-by-step manual for each device would be impossible. You'll need to look up the user manual of the device on which IOT Scanner found the open port and see how it closes.
Second, not all devices allow port closure. We think that, if a device in your home does not have such a feature, you should rethink if you really want it. Maybe you'd rather sacrifice some of your comfort in exchange for reducing the chance of being hacked? In any case, it's your decision. IOT Scanner only warns of possible vulnerabilities.
Pig, little pig, let me in
Kaspersky IOT Scanner has two other useful features. In addition to analyzing the network, it notifies you of all the devices that are connected to your router. You can check the list and find out if someone unwanted is connected (to steal bandwidth or, worse, spy on you). You can eject the uninvited person using the access point's user interface.
Figure 2.
IOT Scanner also detects and scans the ports of any new device that connects to the network, checks for ports that are unnecessarily open, and notifies you. So, you'll always know if a new device is connected (what if it's not yours?) and check how safe it is.
(Clarification: Kaspersky IOT Scanner is an open Beta version available only in Russian and English in a limited number of countries: Russia, USA, India, Australia, United Kingdom, South Africa, Canada, Indonesia, Taiwan, Belarus and Kazakhstan. The future development of this product will depend on the results of this beta testing phase.)
Antivirus for IoTa
Below is a list of antivirus companies that are making their way to protecting Devices from the Internet of Things:
1. Norton Core
Multi-layered security for your network and IoT devices.
Easy to handle through your smartphone.
Superior performance: up to 2.5 Gbps.
Includes one year of Norton Security.
Your router is the least secure device in your home. When it comes to your home network, your router works as a gateway, connecting all IOT and Web devices together.
If any items are hacked, no device in your home will be safe. Even with a strong password, hackers can find a vulnerability at another network entry point, such as an unsecured IoT device.
Norton Core is a secure Wi-Fi router that protects your network and IOT devices from cyber threats. It combines the military-grade techniques used in Symantec's high-end enterprise products, such as deep packet inspection, intrusion detection, and comprehensive data encryption, along with Symantec's Global Intelligence Network to defend against malware, viruses, and other threats.
Norton Core automatically updates against the latest threats and is extremely easy to set up and use. Core examines connected devices, identifies vulnerabilities, and defends IoT devices from threats.
The Core app makes security easy. It monitors the data of your connected home and if there are any problems, Core will immediately alert you with solutions, knowledge and tools.
Norton Security usually comes with the device and is one of the most powerful antivirus products on the market.
2. Box Bitdefender
• Stops network-based attacks
• Protects IoT devices
• Comes with Bitdefender antivirus
• Does not reduce network performance
• Works with your Wi-Fi router
• Advanced parental controls
Simply plug the controller into your router and it will immediately start monitoring internet traffic, inspecting all data entering or leaving your network and stopping brute-force attacks to guess passwords.
It also adds a firewall, which acts as the domestic equivalent of a powerful enterprise security appliance. Its protection capabilities against advanced attacks such as SQL injection (a code injection technique that attacks data-driven applications), route traversing (taking advantage of insufficient security validation), and the inclusion of local files.
Every time a new device connects to the network, it receives an alert. A vulnerability assessment of devices across the network can also be performed to see if there are any issues. If anomalous behavior is detected, the system shuts down traffic to prevent sensitive information from leaving the network.
• It has encrypted updates to prevent malicious loads.
• Another feature is parental filtering protecting from pages with threats.
3. F-Secure
• Multi-layered network protection
• F-Secure Sense is a Wi-Fi router that also functions as a security device to simultaneously protect any number of devices connected to your local network.
• By combining a router, security device, and local malware protection software, F-Secure Sense adds multi-layered protection to your network. When combined, these multiple layers protect all devices, regardless of whether they have an antivirus installed.
• Although it may lack advanced features like parental controls, a guest LAN, and a Wi-Fi protected setting, its affordable price makes F-Secure Sense perfect for an apartment or small house.
• In addition to protecting your network and IoT devices, it includes an annual antivirus subscription (see user reviews) to protect up to 25 laptops, PCs, and mobile phones.
Comments and analysis
While threats to IoT devices are very early, it is healthy to consider options and experiment with trials in controlled environments in order to offer the most practical way to protect them.
In the following article we will address real cases, they will be anonymous of course, since customers do not want to expose their vulnerabilities. The processes are very incipient but not of less damage than a virus in a computer. Disruption in automated systems can be more complex and arduous to solve. Standards will need to speed up their march to achieve further countermeasures at best.
The data, names and brands mentioned are records of their own authors, technical references from Wikipedia, Sans Org and Safety Detectives by Sophie Anderson, Kasperky Permissions through SysPertec.
* To contact the author of this article write to [email protected]
Leave your comment