The IoT is already shaping modern society in various ways. While many of these are positive aspects that result in streamlined communications, easier access to information and a greater quality of life, there are some major roadblocks in the push toward widespread IoT implementation.
One of the primary concerns revolves around the security of IoT-connected devices. A demonstration by Avast at the Mobile World Congress (MWC) in Barcelona recently uncovered a flaw in current-gen IoT infrastructure. Not only can they potentially gain control over tens of thousands of different devices, but they can also use the assembled processing power to mine $1,000 of cryptocurrency in a matter of days.
Identifying the Easiest Targets
Although Avast's demonstration didn't involve a full-scale replication, it underscores serious security flaws in the nature of current-gen IoT devices. If a widespread attack did occur, hackers would likely focus on the weakest targets.
Unsecured home networks are ideal for this sort of hack. As the average homeowner continues adding new smart-devices to the home, the hacker's job becomes even easier.
The task of hacking into thousands of unsecured home networks and taking over 15,000 or more devices might be insurmountable for a lone hacker, but a team of experts could readily pull it off and begin mining cryptocurrency without the owners' knowledge.
Some hackers might target small businesses or even larger corporations. As these networks easily contain the necessary number of IoT-connected devices, an individual could quickly gain control over thousands of different systems.
Mining, in this context, is a process of verifying transactions across a cryptocurrency-backed network. Cryptocurrency miners use various tools — including hardware and software utilities — to solve sophisticated mathematical algorithms and, as a result, generate digital monies that are tradable for real-world goods or cash.
Since coins are often used for nefarious or downright illegal activities, hackers try to use the accounts of unsuspecting victims whenever possible to maintain anonymity and cover their tracks.
Many popular coins, like Bitcoin, require advanced hardware that’s available in current-gen smart-devices. But other cryptocurrencies, like Monero, are made to harness the power of many individual machines simultaneously.
Similar Incidents in the News
A flaw like this isn't the first time that IoT-connected devices have been proven vulnerable to hacking. As reported by IBM X Force, a revised version of the Mirai botnet is programmed to take over a device and mine cryptocurrency via Linux.
Mirai is disheartening to security experts. It was the botnet responsible for a 2016 DDoS attack that caused massive service outages on sites like Netflix, Reddit, GitHub, Twitter and more.
According to a statement released by IBM X Force, the botnet gains entry into a system via the BusyBox program on Linux-based machines. Considering that Linux runs some of the largest and most popular websites, operating systems and software packages, the potential for exploitation is very serious.
Fortunately, you can take some steps to secure your network from outside threats — including the latest botnet hacks. Always make sure your devices are on a secure network and protected behind a strong password.
Update your hardware with the latest updates as soon as they're available from the manufacturer, and use software protection — like antivirus and anti-malware utilities — on smartphones, tablets, laptops and desktop computers.
To make the job even harder for would-be hackers, avoid connecting to public Wi-Fi whenever possible. Never keep your personal devices on the same network as your primary desktop or laptop, as this makes it easier for cyber-criminals to jump from one system to another.
Finally, make sure to change the default login credentials on any new device you add to the network. Many come with generic information that is easily exploited.
How the MWC Is Protecting Our Networks
The Mobile World Congress — dubbed the "world's largest gathering for the mobile industry" — is organized by the GSM Association. Sometimes known as the Global System for Mobile Communications or simply "the GSMA," the organization began hosting events in 1987. It remains the largest conference in the mobile industry, and it continues to highlight new security flaws and solutions — including problems with IoT connectivity — to this day.
Stay up to date with the trends of these devices and activity surrounding them, and you’ll have a better shot at fighting back against hackers.