Return of the IoT Botnet: exposing the soft underbelly of IoT devices
Like the Fast and Furious movies, IoT botnets and cyber attacks just keep coming. The most recent attack, the Silex botnet, is particularly nasty. It doesn’t use devices to create DDoS attacks or attempt to steal personal data. As ZDNet explained in its June article about the attack, the new malware simply deletes the software from the device rendering it useless, or 'bricking' the device.
By Alan Grau, VP of IoT, Embedded Systems, Sectigo
And much like the aforementioned big-budget movies, the story line for IoT cyber attacks is strangely familiar. Cyber criminals discover weak security in IoT devices, create a cyber attack that exploits that weakness, and then deploy it in mass. As I am writing this, the Silex botnet has wiped 2,000 devices in the first hours after its release.
Fortunately, there are ways to prevent these kinds of attacks. There will be more attacks against IoT devices; but your device doesn’t need to be a victim. OEMs CAN build devices with strong security. Some companies are addressing the problem; most are not.
IoT security is not simply a technology problem. The solution starts with companies choosing to fix the problem starting in the design phase of their products.
Some OEMs have hired security professionals to C-level positions with a product security focus, much as they have had CISOs focused on network and data security. This has also become a board-level issue. I know of at least one large OEM whose board of directors has mandated security requirements for products they develop.
Other companies remain with their heads in the sand but will pay the price for ignoring security. Silex won’t be the last IoT cyber attack, but these attacks can be stopped.
Proven IoT security solutions
Proven solutions are available for securing IoT devices. Adding a few basic security capabilities can make IoT devices dramatically more secure, and greatly reduce the risk of falling victim to a cyber attack. These capabilities include:
- Secure boot
- Secure remote firmware update
- Secure communication/certificate-based authentication
- Data protection
- Secure key storage
- User authentication
- Embedded firewalls
Secure boot utilises cryptographic code signing techniques, ensuring the device only executes code produced by the device OEM or other trusted party. Use of secure boot technology prevents hackers from replacing the firmware with malicious versions, thereby blocking a wide range of attacks.
Secure remote firmware update
Secure firmware updates ensure device firmware can be updated, but only with firmware from the device OEM or other trusted party. Like secure boot, secure firmware updates ensure the device is always running trusted code and blocks any attacks attempting to exploit the device’s firmware update process.
Secure communication using certificate-based authentication
Utilisation of security protocols like TLS and DTLS adds authentication and data-in-motion protection to IoT devices. Eliminating sending data in the clear, it is much more difficult for hackers to eavesdrop on communications and discover passwords, device configuration, or other sensitive information.
Certificate-based mutual authentication, when establishing connections, eliminates man-in-the-middle attacks and prevents attacks from unauthorised or unknown devices.
Security protocols provide protection for data while it is transmitted across networks but does not protect the data while it is stored on the device. Large data breaches often result from data recovered from stolen or discarded equipment.
Encryption of all sensitive data stored on the device provides protection should the device be discarded, stolen, or accessed by an unauthorised party. For instance, most office, business, and personal printers have an integrated drive inside that can store tens of thousands of documents.
Secure key storage
Authentication, secure communication, data protection, secure boot and secure update all depend upon encryption keys, certificates, and signatures. This information must be stored on the device in a safe and secure manner.
It must be protected both from discover and from tampering. A hardware-secure element that is a separate security chip that provides protected storage and cryptographic operations is the ideal solution for secure key storage.
The Secure World provided by ARM Trustzone technology or other Trusted Execution Environments can also be used. For devices without hardware-based secure storage, a software-based solution can be used.
Weak or non-existent user authentication recently resulted in thousands of IP cameras with well-publicised default passwords being enlisted in a high profile Denial of Service attack. A strong user authentication method is a clear requirement for device security.
Firewalls are standard security features of PCs, servers and most IT devices. An embedded firewall enables IoT devices to implement protection against network-based attacks by implementing rules-based filtering and Stateful Packet inspection.
The role of the user
On an individual level, there is less we can do.
If a company produces an insecure product, the consumer can either live with it or not buy it. For those products with built-in security, users must enable appropriate levels of security, change default passwords, and use strong passwords.
The devices bricked by the Silex attack could have been protected from this attack. Secure boot, an embedded firewall, or TLS with mutual authentication, each could have avoided the takeover of that enabled the attack. These best practices have the benefit of not requiring the user to remember passwords or unique logins.
For as little as one percent of the price for the device, this disaster could have been avoided.