LONG-AWAITED
CRISIS IS HERE AND MANY DEVICES AREN'T READY
YOU KNOW that Internet of Things devices like
your router are often vulnerable to attack, the
industry-wide lack of investment in
security leaving the door open to a host of abuses. Even decades, content
and web services firm findings that it has observed attackers actively
exploiting a flaw in devices like routers and video game consoles that
was originally exposed in 2006.
Attackers
are actively exploiting these weaknesses not to attack the devices themselves,
but as a jumping off point for all sorts of malicious behavior, which could
include DDoS attacks, malware distribution, spamming/phishing/account
takeovers, click fraud, and credit card theft. This creates elaborate
"proxy" chains that cover an attacker's tracks, and create what
Akamai calls "multi-purpose proxy botnets."
Down With UPnP
UPnP helps devices on a network find and
essentially introduce themselves to each other, so that a server, say, can
discover and vet the printers on a network. You can find it both on internal, institutional networks and on the larger
internet, handling things like IP address routing and data flow coordination.
UPnP works with and incorporates other network protocols to negotiate and
automatically configure these network communications, and it can be used when
applications want to send each other large quantities of data to facilitate a
sort of unrestricted fire hose—think video streaming, or a gaming console
talking to its web server.
Uptick in Attacks
UPnP attacks haven't been around. Last month, for example, Symantec published evidence that
an espionage group it tracks known as Inception Framework uses UPnP proxying to
compromise routers and obscure its cloud communications. But observers note
that the strategy is probably not more common because the schemes are difficult
to set up.
The whole point of proxying is to cover your tracks, so a lot is
still unknown about how attackers use UPnP proxying and for what. But Akamai's
goal is to raise awareness about the problem to ultimately reduce the number of
vulnerable devices that exist.
Internet of Threats
·
Internet of Things security is still not enough of a priority-A big part
of the problem is that every device is a black box, we don't know what code these
things are running and it's all proprietary (aka unvetted) -This means that
even when the tech industry develops and agrees on a standards and protocols,
IoT manufacturers that aren't focusing on security can still implement them in problematic
ways, leading to vulnerabilities.
·
Online banking accounts and other services
involving sensitive content are obvious criminal targets and are vulnerable to
spyware, phishing, malware scams and identity theft.
·
Connected, 'smart cities' are one of the
hoped-for benefits of the IoT, but they will also inevitably mean
cybercriminals and cyberterrorists trying to gain control of city services like
lighting, traffic control and emergency systems.
Hello, my name is Jack Sparrow. I'm a 50 year old self-employed Pirate from the Caribbean.
No comments:
Post a Comment