The idea that our IoT devices might present an attractive target may seem ridiculous. What could attackers achieve by compromising my vacuum cleaner or my smart TV? Well, it turns out that simple access to those devices is a coveted prize.
Whether we’re aware or not, our homes have become smart hubs filled with intelligent devices. We have smart TVs (some with really powerful hardware), vacuums, washing machines, speakers, personal assistants, streaming devices, surveillance cameras, network-attached devices (NAS), smartphones and PCs. And that only scratches the surface of what people have inside their homes.
Any of these devices might have vulnerabilities that would allow attackers to take control or at least compromise them. While we can’t compare a compromised PC with a compromised washing machine, it doesn’t mean that laundry appliance holds no interest.
The value of IoT devices
Each IoT device we bring into our home serves a particular purpose. With a few exceptions, such as NAS or a PC, most of them don’t have powerful hardware, and they usually run proprietary operating systems. But all these devices share one thing: they are connected to the internet, and that connection makes them extremely valuable.
Sure enough, some criminals will go after a PC or NAS to steal data, launch attacks in the same network or block access by deploying ransomware. There’s no ransomware designed to hijack a smart TV or vacuum cleaner, but manufacturers still issue security patches and close potential vulnerabilities because they know the potential impact a compromised device can have.
DDoS as a business
One of the multiple illicit businesses that appeared in the past few years is DDoS (distributed denial of service) as a product. Basically, criminals offer to organize DDoS attacks for anyone willing to purchase the service. Indicate the target, pay the price, and sit back. Technical knowledge is not required. Recently, the Dutch Police sent a warning message to people who used such illegal services.
In many situations, the backbone of these DDoS networks is made up almost entirely of compromised IoT devices that now have a new purpose: to flood the criminals’ targets with requests via the internet. The device’s hardware capabilities are of little importance as long as attackers can make it to interrogate any target of choice.
Any IoT user must remember to check on hardware present in the house, see if any security patches are awaiting installation, change the default passwords, and close ports and services that aren’t used, like SSH. Of course, having an intelligent router or using the services of an ISP that both integrate Bitdefender’s IoT Security Platform is also a good idea as it can block vulnerability exploits and disable compromised IoT devices in the network without affecting any of the rest.