The Curse of IoT: The World Wide Web Can Outlast a Nuclear War... but fails at Smart Toasters
Sara Fortmann
Senior Marketing Manager
The Internet of Things (IoT) began to conquer the world with… a toaster. During a conference in 1990, US software and network expert John Romkey, along with Australian computer scientist Simon Hackett, connected a toaster to the Internet. The result? The device could be switched on and off remotely. Today, the variety of IoT-compliant devices connected to the Internet via networks or cloud-based platforms ranges from wearables such as smartwatches to RFID inventory chips – and of course, a few smart toasters...

The close interconnection between the physical and the digital world increases the comfort of our everyday life. We enjoy being greeted by a fragrant cup of coffee in the morning, prepared just in time by our smart coffee machine, being reminded by our equally smart refrigerator that it’s time to restock, and being shown how to avoid the worst traffic jams on our way to work thanks to intelligent navigation systems. In the business world, the Industrial Internet of Things (IIoT) helps companies to understand consumer needs in real time, to improve machine and system quality during operation, and to streamline supply chains. In other words, the IoT is the perfect network of technologies for a pleasant and successful life, as seen in many advertising clips. Or is it?

IoT devices – perfect hosts for bots

Well, not entirely. Unfortunately, there’s quite a catch: cyber-criminals can easily exploit IoT devices to penetrate systems. Far too often, these products present low security standards, are left permanently on and online, are rarely monitored and are often poorly maintained. The clandestine takeover of IoT devices begins with the exploitation of a vulnerability, when the attacker takes control of the system and the device acts like a robot, a "bot". The hijacked devices are usually controlled via command-and-control servers (C&C servers). The attackers who control the newly created botnet are called botmasters or bot herders. 2009 is the year the first IoT botnet was discovered. With increasing digitalization, the number of botnets and attacks also grew significantly. A series of attacks by the Linux malware "Mirai" in the fall of 2016 became particularly well-known, most notably the attack against the DNS provider Dyn on October 21: Dyn's DNS infrastructure and connected services, among them Twitter, Reddit, GitHub, Amazon, Netflix, Spotify and Airbnb, were stalled and temporarily paralyzed, and Dyn lost eight percent of its managed service business as a result. Since then, the number of discovered botnets has grown exponentially.

There are several infection vectors for a bot or botnet:

How a harmless device can become a bot

  • Via hardcoded credentials
  • Via public exploits as well as zero-day exploits in IoT devices through remote code execution, authentication bypass, privilege escalation, etc. In the process, vulnerabilities that arose during the development of the firmware are exploited. In the case of a so-called zero-day exploit, this happens before a patch/fix is available.
  • Via misconfigurations

What do bot herders want to achieve?

  • Distributed Denial of Service (DDoS), a deliberately induced overload of the network. Since this type of attack involves requests coming from a great variety of sources, it is difficult to block the attacker without completely stopping communication with the network.
  • Permanent Denial of Service (PDoS), also called "phlashing". It causes such severe damage to the system that the hardware must be replaced. PDoS is a purely hardware-targeted attack that can be carried out much faster and requires only a few resources.
  • The fraudulent use of the IoT device to turn it into, for example, a proxy server, or to use it for crypto mining or to send spam mails, …
  • Data theft
  • Network monitoring
  • The hijacked IoT devices get protected by the herder to prevent further infections by other “colleagues”; at least in some isolated cases, white-hat hackers were able to identify malware that was introduced for this purpose.

The Evolution of the IoT Ecosystem

Around the year 2000, the Internet of Things began to take shape. Initially, it was primarily used in the business world, for instance for tracking and tracing goods equipped with RFID tags. Since then, it has also become part of our private life: IoT has developed from architectures based on passive devices to a smart, dynamically growing IoT ecosystem. However, it has also grown to become both more successful and more vulnerable, with attacks having a much greater impact now. In the mid-2000s, IoT devices could only be attacked directly via an Internet connection, and attacks were therefore merely isolated cases; however, the increasing interconnection of devices created a greater risk potential. While the use of Universal Plug and Play (UPnP) simplifies the connection and control of network-compatible devices from different manufacturers, it also opens up new paths for cybercriminals: for example, malware that has infected a computer can render the firewall of a UPnP-capable router ineffective. Due to powerful cloud technology and the ability to control IoT applications with mobile devices, the number of practical tools assisting us in our everyday life has increased drastically. Thus, the potential impact of infections by malware that enters the private IoT network via the cloud has also increased, for example through pushed software updates. A single vulnerability in the cloud can be used to attack a myriad of devices, as the hijacking of more than 50,000 baby cams in 2018 demonstrated.

IoT Inspector for secure firmware

This is why, in this booming industry, the manufacturers of IoT devices must be particularly careful. The Chinese OEM Xiongmai supplies more than nine million of its IoT devices to more than 100 vendors of surveillance cameras, digital video recorders, and network video recorders worldwide. In 2018, experts of the SEC Consult Vulnerability Lab examined devices from Xiongmai and discovered a security vulnerability using IoT Inspector, a platform for automated security analysis. The vulnerable cloud feature "XMEye P2P Cloud" was active by default and therefore opened a door to invaders millions of times. This example demonstrates how important the further development and consistent application of IoT security standards is, and that producers of IoT devices must be held accountable to comply with these norms.

The Compliance Checker, a feature of IoT Inspector, offers IoT device providers the possibility to test whether the products they want to distribute breach existing security requirements.

"IoT botnets: The Next Generation" – are they just around the corner?

With increasing digitalization, millions of devices can be accessed through just one vulnerable IoT cloud. Command-and-control communication is hidden in regular cloud communication protocols, providing bot herders a convenient way to bypass network access control, ultimately allowing them to enter millions of private networks. Becoming part of a botnet is not an unavoidable cruel fate, because even the cleverest cybercriminals can’t do magic. They take advantage of the low IT knowledge and carelessness of many users and the thriftiness of some manufacturers when it comes to implementing IoT security. Protecting oneself from a bot infection is not witchcraft. Let’s simply use the same measures as those we take to protect our devices against other IT threats.

Checklist: Are your IoT devices safe?

  1) Do you know the current security status of your IoT devices? Take stock of and analyze the firmware of your existing IoT devices.
  2) Do you evaluate the security of IoT devices before adding them to your network? Analyze the firmware of your IoT devices during the procurement process.
  3) How do you protect yourself from emerging IoT threats? Monitor the firmware of your IoT devices for vulnerabilities.
  4) How does your process scale with the exponentially growing number of IoT devices in your network? The adjustability and automatization of the firmware security analysis of IoT devices are crucial.

To learn more about how you can protect your network against attacks through IoT devices, please get in touch.
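As an added example (not code from ONEKEY or IoT Inspector), the following Python script runs a few of the firmware checks that the infection-vector list and the checklist above call for, over a constructed, in-memory extract of a device root filesystem: hardcoded or empty password hashes, extra UID-0 accounts, telnet enabled in inetd, and UPnP switched on by default. The file paths, the UPnP config format and the finding texts are assumptions modelled on common embedded-Linux layouts.

```python
import re
from typing import Dict, List

# Constructed sample rootfs (path -> file contents); not from any real device.
SAMPLE_ROOTFS: Dict[str, str] = {
    "etc/passwd": "root:x:0:0:root:/:/bin/sh\nsupport:x:0:0:vendor:/:/bin/sh\n",
    "etc/shadow": "root:$1$saltsalt$0123456789abcdefghijkl:0:0:99999:7:::\n"
                  "support::0:0:99999:7:::\n"
                  "nobody:*:0:0:99999:7:::\n",
    "etc/inetd.conf": "telnet stream tcp nowait root /usr/sbin/telnetd telnetd\n",
    "etc/config/upnpd": "config upnpd 'config'\n\toption enabled '1'\n",
}

# Shadow password fields that mean "no usable password" rather than a hash.
LOCKED = {"*", "!", "!!"}


def audit_firmware(rootfs: Dict[str, str]) -> List[str]:
    """Return human-readable findings for an extracted firmware rootfs."""
    findings: List[str] = []
    # 1) Hardcoded credentials: a real hash baked into /etc/shadow means every
    #    unit ships with the same password; an empty field means no password.
    for line in rootfs.get("etc/shadow", "").splitlines():
        fields = line.split(":")
        if len(fields) < 2:
            continue
        user, pw = fields[0], fields[1]
        if pw == "":
            findings.append(f"passwordless account: {user}")
        elif pw not in LOCKED:
            findings.append(f"hardcoded password hash: {user}")
    # 2) A second UID-0 account is a classic vendor "support" backdoor pattern.
    for line in rootfs.get("etc/passwd", "").splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2] == "0" and fields[0] != "root":
            findings.append(f"additional root-equivalent account: {fields[0]}")
    # 3) Legacy remote-access services left enabled in inetd (the entry point
    #    Mirai-style bots used together with default logins).
    for line in rootfs.get("etc/inetd.conf", "").splitlines():
        if line and not line.startswith("#") and line.split()[0] in ("telnet", "ftp"):
            findings.append(f"legacy service enabled: {line.split()[0]}")
    # 4) UPnP on by default: the router-firewall bypass described above.
    if re.search(r"option\s+enabled\s+'1'", rootfs.get("etc/config/upnpd", "")):
        findings.append("UPnP enabled by default")
    return findings


if __name__ == "__main__":
    for finding in audit_firmware(SAMPLE_ROOTFS):
        print("FINDING:", finding)
```

A real pipeline would run such checks on every firmware image at procurement time and again on each vendor update, as points 2) and 3) of the checklist describe.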

About Onekey

ONEKEY is the leading European specialist in Product Cybersecurity & Compliance Management and part of the investment portfolio of PricewaterhouseCoopers Germany (PwC). The unique combination of the automated ONEKEY Product Cybersecurity & Compliance Platform (OCP) with expert knowledge and consulting services provides fast and comprehensive analysis, support, and management to improve product cybersecurity and compliance from product purchasing, design, development, production to end-of-life.

CONTACT:
Sara Fortmann

Senior Marketing Manager
sara.fortmann@onekey.com

euromarcom public relations GmbH
team@euromarcom.de
