0wn1ng the skies using IoT worms
Internet of Things (IoT) -connected devices are on the rise and if you do not own one now, you will - sooner rather than later. Ranging anywhere from a refrigerator to an Amazon Echo, they are becoming common household items.
Development of IoT is fierce and quick as demands rise, which can come at a price: code is often sloppy and full of security holes, making devices vulnerable. Even worse, there is no real security standard governing this development. Nor is there any virus or end point protection available. Updating firmware can be difficult and users may not even realize that there are programs and/or code that need patching or regular updates.
Many are also leveraging the convenience of wireless to function, which can also open up the potential for a plethora deploying malware.
In most cases IoT devices are encrypted and protected using keys. However, instead of using unique keys for each, developers are sharing the same key across all devices. This causes a huge risk, if hackers successfully enumerate the common key and then have access to all devices using it.
ZigBee is a commonly used wireless IoT protocol, used in light-bulbs and many other devices. It has a feature to upgrade firmware remotely. Keeping it secure, the remote flashing device must be in close proximity to the IoT. While initializing a firmware upgrade, ZigBee checks the signal strength of the flashing device. However, this check is flawed and can be over turned, allowing flashing from distances of 100 meters or more.
Another interesting tidbit regarding ZigBee, is that it is communicating on same frequencies as regular WiFi networks.
So, why am I telling all this?
Think of someone developing a worm, able to propagate through IoT devices which are using common keys and no malware protection. Think about deploying this worm in a very large city, infecting millions of devices without being detected and then deploying a subsequent DDoS attack affecting the entire WiFi band in this city. The damage would be immense.
Wake up world! It is just a matter of time.....
Using common keys, bugged firmware, no malware protection, no standards, this is a time bomb waiting to happen.
Head of Growth
1 年??
Supply chain mitigation | Golden Screws | #1 Dad & Dedicated Husband
5 年Great article !!! huge problem on the horizon ..?
King Charles III Medal Awardee, Champion of Diversity Awardee, Top 20 Under 40 Awardee, Emerging Exporter Awardee, Rotary Changemaker Awardee, DEI Advocate, Tech Entrepreneur, Not for profit,Social Enterprise
7 年Thanks for sharing Johan Hybinette!