Fortinet’s IoT security fears come true

Fortinet’s IoT security fears come true

New group set up to combat Internet of Things security threats
New group set up to combat Internet of Things security threats

IoT security experts Fortinet have looked back to see if 2016 predictions have materialised.

Last year the FortiGuard Labs team at Fortinet made a number of security predictions concerning Internet of Things (IoT) cyber threats in 2016. Nearly nine months in, the company has released a blog post looking back to see if their predictions hit the mark.

The first prediction foresaw a rise in Machine-to-Machine attacks. Derek Manky, Fortinet’s global security strategist, argues that this is because of a tendency to stick to default security settings and passwords when using new devices. IoT-enabled devices such as thermostats, home security systems, smart cars, watering systems, and even baby monitors are often connected to smartphones for remote use. “Breaking into these devices,” Manky says, “is far too often not that difficult.”

Manky outlines how IoT search engine Shodan is being used to discover and connect to compromised devices, and even admits that “Using information from this site, we [Fortinet] have been able to successfully hijack home surveillance systems and other devices from thousands of miles away.”

These “headless” devices are being increasingly harnessed

for malicious intent. Huge swarms of accessible devices offer hackers the opportunity to launch coordinated denial-of-service attacks. In the past few months, Manky explains, “a botnet was discovered powered by over 25,000 compromised CCTV devices located around the world. These IoT devices were then used to launch DDoS attacks against websites.”

Read more:IoT security spending to reach $348 million in 2016

Fortinet concerns and ‘smart’ plug hacks

The concerns posed by Fortinet are further justified by the recent news that the team at Bitdefender successfully hacked a supposedly ‘smart’ IoT plug socket.

Bitdefender Labs uncovered the device’s susceptibility as part of their ongoing efforts to raise awareness about IoT security in the home.

The electrical socket in question is vulnerable to malicious firmware updates and can be controlled remotely, potentially putting users at risk both physically and in terms of online security. Bitdefender’s chief security researcher Alexandru Balan wrote:

“This type of attack enables a malicious party to leverage the vulnerability from anywhere in the world. Up until now most IoT vulnerabilities could be exploited only in the proximity of the smart home they were serving, however, this flaw allows hackers to control devices over the Internet and bypass the limitations of the network address translation. This is a serious vulnerability, we could see botnets made up of these power outlets.”