A major law enforcement organization is warning about the growing dangers of the Internet of Things for the second time this year.
“Cyber actors actively search for and compromise vulnerable Internet of Things (IoT) devices for use as proxies or intermediaries for Internet requests to route malicious traffic for cyber-attacks and computer network exploitation,” the FBI warned consumers on the 2nd of August.
The alert told owners of connected devices including “routers, wireless radios links, time clocks, audio/video streaming devices, Raspberry Pis, IP cameras, DVRs, satellite antenna equipment, smart garage door openers, and network attached storage devices” that their computing power could be hijacked and used to engage in a variety of deceptive or illegal activities including spam, click-fraud and the trade of banned images or goods.
Hackers can also take control of these devices from almost anywhere in the world to help hide their location while waging attacks and fraud or to cloak whether these activities are happening at all. Users could then suffer spikes costs in Internet usage along with slowed connections or problems with devices.
“Cyber actors typically compromise devices with weak authentication, unpatched firmware or other software vulnerabilities, or employ brute force attacks on devices with default usernames and passwords,” the agency warned.
The FBI announcement follows a similar advisory from Interpol, the world’s largest international police organization, from February of this year.
“All devices which can connect to the Internet – collectively called the ‘Internet of Things’ or IoT – are potentially at risk of a cyberattack,” that Interpol release noted. “Everyday personal items like video cameras, refrigerators and televisions can be used by cybercriminals for malicious means.”
F-Secure began 2018 by sponsoring a report — “Internet of Things: Pinning down the IoT” — from the Cyber Security Research Institute that found the IoT represents a considerable threat to consumers due to inadequate regulations regarding security and privacy.
Given that number of connected home devices now exceeds the human population of earth and these devices are not required to meet any security standards nor are regularly replaced, it’s no wonder that they have become a target for “malicious cyber actors.”
Both the FBI and Interpol seem to be advising consumers to do more than just take security precautions but to also adopt a new way of thinking. A world where almost everything in our homes or offices connects to the internet requires protecting our homes and offices with at least the same diligence we apply to securing our PCs.
The FBI offers a list of security precautions that includes rebooting your devices regularly and changing default usernames and passwords while linking a “Security Tip” from US-CERT on Securing the Internet of Things.
Notably it also recommends to isolate IoT devices from other network connections. This echoes a suggestion from Sean Sullivan, F-Secure Security Advisor, who suggests setting up a Wi-FI “guest” network for PCs, tablets and phones that go online and then putting all of your other connected devices on a another secure router, like F-Secure SENSE.
There are many steps users can take to secure these devices but most people, it seems, are doing nothing or little thus far to correct this growing security issue. And that’s why the FBI and Interpol are both sounding the alarm.