Your IoT Device Could Be Part Of A DDoS Botnet, Here's How To Shut It Down

terminator nest 626px small
The web is becoming the wild, wild west all over again it seems. You could argue the Internet's always been a potentially dangerous place, but with the proliferation of smart devices becoming increasingly commonplace, cybercriminals now have more points of entry into home networks than ever before. Smart home automation gadgets collectively comprise much of what's referred to as the Internet of Things (IoT), and just like your PC, they can be silently hijacked and enlisted into a botnet, a malicious network of systems under the control of a foreign party.

Individually, all these smart lighting, media streamers, Nest thermostats, and other IoT gadgets don't pose a major threat, just as a single ant won't going to ruin your picnic. But when working together in large numbers, the threat is not only real, it can be unprecedented. Imagine a massive army of ants marching from all directions onto your blanket and swarming that peanut butter and jelly sandwich. Strength in numbers.

We saw this play out just last week when, heading into the weekend, renowned security journalist Brian Krebs lost a battle against angry hackers who hit his security blog, KrebsOnSecurity, with the largest, most wide-scale Distributed Denial of Service (DDoS) attack the world has ever seen. The attack brought in a record 620 gigabits per second of traffic, nearly twice the largest that his cloud provider Akamai had ever defended against. An attack of that magnitude was made possible by commandeering IoT devices, millions of which are now out in the wild, and some of which could be in your home or office.

Things are only going to get worse. Security vendor Symantec notes that malware targeting IoT devices "has come of age," adding that the number of attack groups focusing on the IoT sector has multiplied just in the past year alone.

"IoT attacks have long been predicted, with plenty of speculation about possible hijacking of home automation and home security devices. However, attacks to date have taken a different shape. Attackers tend to be less interested in the victim and the majority wish to hijack a device to add it to a botnet, most of which are used to perform distributed denial of service (DDoS) attacks," Symantec said.

Is My IoT Device Part of a Botnet?

Asus Router System Log2

If you own a smart device, you might already be part of a botnet and not know it. There aren't always obvious signs, and because many IoT devices employ poor security, they're relatively easy targets for hackers.

"Most IoT malware targets non-PC embedded devices. Many are Internet-accessible but, because of their operating system and processing power limitations, they may not include any advanced security features," Symantec explains.

So how can you tell if your gadgets are part of a network? Most botnets use a control platform and the IP addresses associated with that platform are usually known. There are a number of resources for malicious IP lists but you can reference them here and here, among other places. You can monitor the network traffic on your router to see if those IP addresses pop up. Depending on your actual network settings and configuration, this can be trivial or complicated. Since there are many different makes and models of routers, your best bet is to consult your model's documentation on how to view network traffic.

How Can I Protect Myself?

Nest Thermostat
Image Source: Flickr (Jeff Wilcox)

In a rush to make a quick buck in the IoT sector, many device makers put a higher priority on getting their products to market rather than making sure they're secure from outside threats. That includes using widely known default usernames and passwords. The very first thing you should do on all of your devices, including (and especially) your router is to change one or both (preferably both if it's allowed).

Common usernames to avoid are root, admin, DUP root, ubnt, access, DUP admin, test, oracle, postgres, and pi, which comprise the top 10 brute-force usernames used against IoT devices. And the top passwords to avoid include admin, root, 123456, 12345, ubnt, password, 1234, test, qwerty, and raspberry.

Changing the default password on your Internet connected devices can go a long way towards keeping the bad guys out, but it's not the only thing you should be doing. Here are some other tips that will ensure better security of your home or small office network:
  • Research potential IoT purchases for security weaknesses before purchasing
  • Use strong and unique passwords, both for device accounts and Wi-Fi networks
  • Use a strong encryption method when possible when setting up Wi-Fi, such as WPA
  • Disable features and services on your IoT device that you don't plan to use
  • Disable Telnet login and use SSH whenever possible
  • Modify the default privacy and security settings of IoT devices based on your specific network
  • Used wired versus wireless connections whenever possible
  • Check often for firmware updates, for all devices and your router
  • Make sure that a hardware outage doesn't make it unsecure (and disconnect it if it does)
The takeaway from all this is that you need to be proactive in securing your home or office network. It's easy to assume that device manufacturers have already taken the necessary steps to lock down their smart gadgets, but that's often not the case. That's not to say you should fear the IoT movement, just make sure you know what's going on in your network.