NewSky Security Presenting IoT Security Research at AVAR 2017 Conference

NewSky Security
Dec 15, 2017

Ankit Anubhav shared his research on the IoT threat landscape at AVAR 2017

As the only IoT security research speaker among 300 experts and scholars from more than 100 well-known cyber security enterprises, Ankit Anubhav, the Principal Researcher at NewSky Security, shared his research on the IoT threat landscape at the Association of Anti Virus Asia Researchers (AVAR) conference on 6–8 December 2017, with the aim of raising awareness and creating a united community for IoT security.

AVAR was founded in June 1998 with a mission to prevent the spread of malware and its damage. This year's conference is the 20th AVAR conference, and its main theme is “Back to Basics: Fighting the Evolving Cyber Criminal”.

NewSky Security Presented:

The evolution of IoT threats, and drawing parallels with the conventional malware landscape

Intelligent Attack

A fresh IoT device may be threat-free and patched against known vulnerabilities, but can still have an unchanged default password. On the other hand, there might be an older router with a strong password that has not been updated and can be controlled through a known exploit. Rather than creating two separate pieces of malware, IoT threat authors have evolved their code into a toolkit that combines different attack vectors, such as password brute-force attacks and vulnerability exploitation, so that it attacks whichever link is weakest.

Mirai with three modules

We observed an evolved Mirai variant which had 3 modules: the CVE-2014-8361 vulnerability, TR-64, and a default passwords attack. The malware usually first attempts the easy way, taking control of the device using a table of known passwords. If that fails, it will try to run the two known exploits to control the IoT device.

Knowledge is a double-edged sword even for IoT: NbotLoader

Despite the good intentions behind it, any publicly disclosed IoT bug carries the risk of being used by an attacker for their own purposes. We observed that such known IoT bugs are polished in hacking forums and converted into working modules, as we discovered in the NBotLoader. This module then became integrated into a well-known IoT botnet, QBot.

Future Implications

We observed the first-ever proof that hackers used an exploit against an IoT thermostat to increase the temperature of a room. While such an exploit had been discovered before, we can see how easily it can fall into the wrong hands and cause trouble.

When it comes to cyber security, one of the most agreed-upon opinions is “change is the only constant”. A cyber security issue starts with researchers discovering methods to compromise technology and wanting to increase awareness, and we can find the same among IoT attackers too. The race between attackers and defenders never ends, and the more evolved side “wins”. While such a scenario happened with Windows malware decades ago, we are now witnessing a young IoT cyber security space evolving rapidly.

In the end, Ankit discussed the solutions regarding IoT patching and how researchers can collaborate for a safer IoT world.

We aim to enable enterprise-level security protection for all connected devices. #IoT #DataSecurity https://newskysecurity.com/