*7 new IoT attacks ready to be launched

TechViews news   …..

The rapid spread of Internet connected devices into every facet of our lives will have consequences far beyond our current thinking.

Security-wise, the internet of things (IoT) is going as badly as most computer security experts predicted. In fact, most consumers don’t fully appreciate the potential threats IoT devices pose. Anything connected to the internet and running code can be taken over for malicious purposes.

Given the accelerating proliferation of internet-connected devices, we could be hurtling toward catastrophe. Personal security cameras, for example, were recently used to conduct the largest denial-of-service attacks the world has ever seen, not to mention allowing strangers to spy on the very people the cameras are supposed to protect.

Worse, the coming wave of IoT attacks includes those that could injure or kill people. This isn’t hypothetical. I’m talking about real attacks that are already possible today. And no one has done anything to make these attacks less likely to happen.

Following are seven next-wave attacks that we can expect to see soon.

IoT devices are used in direct personal attacks

Hackers are aggregating hundreds of thousands to millions of user devices into rogue botnets to accomplish their malicious missions. Security cameras and IoT devices are being used to send spam, to conduct massive denial-of-service attacks, and to steal digital currency.

Hackers accomplish this using specially designed bots that look for and compromise predefined IoT devices. The basis for these attacks so far is Mirai, a Linux-based bot that showed up in early 2016. Its source code was released in October 2016 and was immediately reused by many other criminal gangs.

People don’t know that their wireless routers, internet cameras, and refrigerators are being used to attack other people. All the average user might notice is some sluggishness or slowness in their own device, and who would blame that on an IoT bot when lagginess is normal in the computer world.

IoT bots are becoming the hottest new malware type, like ransomware was before, and email viruses were before that. The problem is becoming so bad so fast that many governmental agencies around the world are launching investigations. Unfortunately, literally hundreds of millions of IoT devices out there were coded before we knew about IoT botnets, and they’re waiting to be exploited.

All a thief needs to break into your house is a wifi laptop or smartphone

Thieves are starting to pay attention to our connected homes. Any device in your home that can be controlled over a network or wirelessly can also be controlled by a hacker. Front door locks can now be opened remotely, alarm systems can be deactivated, garage doors can be opened, and thermostats can be manipulated. Even refrigerators have already been hacked to send out spam.

As connected homes become more popular, expect thieves to take advantage. Why break a window when you can press a button and unlock the front door or garage? Traditional criminals prove quite adept at adopting lower-risk methods, especially when you consider that houses that contain smart devices are more likely to have expensive things to steal.

Your smart-TV is connected as well

Our televisions are getting smarter. I can now watch cable, Netflix, Amazon, Hulu, and YouTube, as well as browse the internet, all using my TV’s remote control. But as our smart TVs become big-screen computers, they bring with them the inherent risk of malware and hackers.

Longtime antimalware vendor TrendMicro warned last year about ransomware that can brick TVs. Ransomware is a malware program that encrypts your data and asks for money to unlock it.

Luckily, this particular malware program can only infect a specific type of LG branded smart TV. But no doubt this is only the first wave. Malware writers will code more television-specific attacks. I might not be willing to pay $500 to unlock my company’s laptop, but take away my home entertainment system and I might be willing to pony up the money quicker.

Your wifi-connected medical devices will get hacked

Hackers have long known they can disrupt nearly any medical device that has writeable software, works wirelessly, or connects to the internet. Computer scientists and hackers have exploited heart pacemakers, heart monitors, IV drip devices, medicine dispensers, and diagnostic machinery, all of which have the potential to kill the patient.

Ironically, the slow vetting process and regulations surrounding medical devices may be their undoing. Software and code can’t be significantly updated once it is introduced to the review cycle and released to the public.

As a result, medical devices are always using very old technology by the time they are in operation. None can take advantage of the latest advances in computer security defense; worse, they often contain commonly known exploits that were removed from general computers many years ago.

Your car can be remotely hijacked and controlled

These days automakers are as likely to advertise the cool new cyberfeatures they’ve put in their cars as they are the engine, performance, and styling of the vehicles themselves.

The problem is that cars can now be opened remotely, have their engine killed, and be instructed to crash out of control. We’ve seen those YouTube videos where hackers take over a friend’s car for laughs. Simply do an Internet search for “remote auto security systems” and you’ll see thousands of wireless systems that are easily hacked. And only recently have auto security companies that operate remotely like ‘OnStar’ begun concentrating on tightly securing those systems.

Still, many within the auto industry say that completely securing a car’s entire system against hackers isn’t even the main goal. Who cares if they change your stereo channel? But we absolutely need to be able to stop bad people from doing anything that could threaten human life.

Your vacation might be fraudulent

It happens hundreds of times a day. A fun-seeking family on vacation shows up at their dream vacation home, only to find it wasn’t a rental and they are out the money. Sometimes these fake vacation scammers have entire websites dedicated to the scheme and reply with official-looking rental agreements and procedures. The burgeoning personal do-it-yourself rental sites like Airbnb, combined with traditional Craigslist-type sites, make it easier to pull off.

Experts say stick to trusted companies and dedicated websites that have safeguards to prevent fake rental scams, and be especially aware of anyone who wants you to wire money instead of using a credit card.

Your biometric identity will be up for sale

Passwords are quickly becoming persona non grata, rapidly replaced by two-factor and biometric authentication. Many people think that biometric identities are the best solution; after all, who can fake your retinal scan?

Most users don’t realize that their biometric identity is stored as a digital file. Sometimes that biometric identity is stored exactly as it is (that is, your fingerprint impressions are stored looking exactly like your fingerprints). Because your biometric identity is stored so that it can be accessed for future authentication, hackers can steal it as easily as they can your password. And they can use your biometric identity on any system that used it in the first place.

The only difference is that if your password is compromised, you can change your password. You can’t change your retina print (yet). When your biometric identity gets stolen, essentially your identity is stolen for the rest of your life.

This becomes a big problem especially when large biometric databases are stolen, like the 2015 U.S. Office of Personal Management heist in which more then 5 million fingerprints were stolen.

The world’s largest publicly known fingerprint database, the FBI’s Fingerprint Identification System contains at least 70 million fingerprints. Tens of thousands of sites and hundreds of thousands of computers have access to those files.

It’s clear that our world is becoming more connected, and the vendors supplying digital devices aren’t doing nearly enough to secure them. Like now, where in the face of criminal ransomware, computer security experts are longing for the old days when computers where the only objects being exploited.

This is not just sci-fi movie stuff anymore!

Be Safe – Backup Your Data Regularly!

**********

And don’t forget to take advantage of our FREE subscription to the TechViews.org Newsletter. A must-read if you are interested in Internet Security.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s