Quite recently, Simon & Schuster published “The Third Wave: An Entrepreneur's Vision of the Future,” Steve Case’s first book. If you don’t know him, Steve Case is AOL’s co-founder and long-time chief executive.
We won’t go into the book in detail, but we’re still interested in its main premise: that the future is reserved for the pioneers of the Internet of Things (IoT), just as the present is for Google and Facebook.
However, if history has taught us anything, it’s that risks tend to increase with progress. And the Internet of Things is not an exception.
Cyber Threats to Worry About
It’s only normal that as the number of IoT devices grows, the number of cyber threats is also on the rise, for a fairly simple reason: computers and mobile phones have long stopped being the only devices connected to the internet. However, antivirus software has not really adjusted to the variety of operating systems we deal with on an everyday basis.
Really: just think of the sheer number of new gadgets!
Smart home devices (refrigerators, domestic vacuum cleaners, smart thermostats, washers, etc.), smart grids and virtual power plants, wearable healthcare devices and miscellaneous medical equipment, rescue mission robots, and even pharmaceutical drugs! And we can go on!
Well, all of these IoT devices need a network connection. And we guess you can already sense where the main threat comes from.
The Origin of the Threat
It’s not exactly a secret that nowadays both our houses and our offices are stuffed with various smart devices, regardless of whether we need them or not.
We use some of these devices to access the Internet directly and to send and receive information from other devices. The majority of them are active elements of a large network, in a way which is invisible to us.
The main threat, however, isn’t these devices per se. The threat actually comes from a host of unregistered devices.
In a paper published by ISACA, John Pironti, president and chief information risk strategist at IP Architects, wrote:
“IoT devices are likely to be built by numerous manufacturers, on multiple open source and proprietary operating systems, and have various levels of computing power, storage, and network throughput. Each IoT endpoint will need to be identified and profiled, added to an asset inventory, and monitored for their health and safety.”
The issue is the following one.
Most of the information security officers of the larger organizations can’t really keep track of the number of gadgets connected to the internal network on a daily basis, because some of these gadgets are quite innocuous, for example UPSs for backup battery power.
However, with sufficient knowledge, one can use almost any one of these unregistered devices as an access point to the whole inner network.
So, in a nutshell, someone can steal some very critical data from you and demand a large ransom for it, all because of a forgotten UPS.
But, How Does It Work?
To be able to connect to the Internet, every smart device needs a special hardware element, a network interface controller (NIC). Every NIC has its own number, i.e. a MAC (Media Access Control) address. To establish a connection to the Internet, the IP (Internet Protocol) address (which is a “software” address) has to be associated with the MAC address (which is a “hardware” address) by means of the Address Resolution Protocol (ARP).
The technique used by hackers most often is called MAC spoofing. Loosely speaking, it means changing the MAC address of a device in order to imitate the behaviour of another device. It allows a hacker to access a network as an authorized user via an unauthorized device.
One of the earliest cases of MAC spoofing due to the weak security of IoT gadgets happened back in 2013 when houseware devices started sending spam emails. David Knight, general manager of the information security division at Proofpoint, pointed out on the occasion:
“Many of these devices are poorly protected at best and consumers have virtually no way to detect or fix infections when they do occur. Enterprises may find distributed attacks increasing as more and more of these devices come on-line and attackers find additional ways to exploit them.”
What You Can Do to Protect Yourself
Although there is no panacea for protecting devices from MAC spoofing, there’s a set of actions which may help you strengthen your system’s security.
1. Identify All Access Points
There are many services which provide the option of a complete network analysis. These can help you identify how many devices are connected to your inner network. Every device which looks suspicious is most likely not secured and can be used as an access point to your network by hackers.
2. Analyse Connected Devices
After identifying all access points, you may need to analyse the devices themselves, one by one. This way, you can figure out whether each of them behaves in the manner it should. The Reverse Address Resolution Protocol (RARP) may help you detect MAC spoofing.
RARP is applied to map a MAC address to an IP address; if it returns more than one IP per MAC, there are real reasons to worry. In that case, you should continue the investigation by searching the local area network (LAN) for duplicate MAC addresses. And, of course, strengthen the system security.
3. Secure All Network Elements
Every IoT device connected to the network needs some protection. That’s why it’s important to evaluate all the technologies used by the operating system of the respective device. I recommend taking a look at a document provided by the GSMA. It describes the main guidelines for creating secure endpoint ecosystems. And it’s more than useful.
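Steps 1 and 2 can be combined into one check against the neighbour (ARP) table of a host on the LAN. The following is an added example, not part of the original article: it parses text in the format printed by `ip neigh show`, compares it with an asset inventory, and flags the "more than one IP per MAC" condition described above. The sample table, the inventory and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format printed by `ip neigh show` (not real data).
NEIGH_SAMPLE = """\
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.20 dev eth0 lladdr 00:11:22:AA:BB:01 STALE
192.168.1.21 dev eth0 lladdr 00:11:22:aa:bb:02 REACHABLE
192.168.1.35 dev eth0 lladdr 00:11:22:aa:bb:02 STALE
192.168.1.50 dev eth0 lladdr 02:00:5e:10:00:07 DELAY
192.168.1.77 dev eth0  FAILED
"""

# Hypothetical asset inventory: registered MAC -> device name.
INVENTORY = {
    "00:11:22:33:44:55": "gateway",
    "00:11:22:aa:bb:01": "ups-rack-1",
    "00:11:22:aa:bb:02": "thermostat-lobby",
}

ENTRY = re.compile(r"^(\S+) dev (\S+) .*?lladdr ([0-9A-Fa-f:]{17})\b")

def parse_neigh(text):
    """Return {mac: set(ips)}; entries without a resolved MAC are skipped."""
    seen = defaultdict(set)
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            seen[m.group(3).lower()].add(m.group(1))
    return seen

def audit(text, inventory):
    """Flag unregistered MACs, MACs answering for several IPs, and
    locally administered MACs (bit 0x02 of the first octet is set)."""
    seen = parse_neigh(text)
    return {
        "unregistered": sorted(mac for mac in seen if mac not in inventory),
        "multi_ip": {mac: sorted(ips) for mac, ips in seen.items() if len(ips) > 1},
        "locally_administered": sorted(
            mac for mac in seen if int(mac[:2], 16) & 0x02),
    }

if __name__ == "__main__":
    for check, result in audit(NEIGH_SAMPLE, INVENTORY).items():
        print(check, result)
```

A router or multi-homed host can legitimately answer for several IPs, so a `multi_ip` hit is a starting point for investigation rather than proof of spoofing.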
The Good Sides of MAC Spoofing
We feel obliged to note that MAC spoofing has some good applications as well. Sometimes, for example, it’s used to create a wireless connection with the network, which means that you can modify the MAC address of your device to make it recognizable by the network. This doesn’t imply by itself that you have any hidden intentions.
Moreover, MAC spoofing is a useful technique in penetration testing. Penetration testing is employed to test the security of a system. And since it works as a sort of a simulated hacker attack (that’s why it’s also called ethical hacking), it can help you identify the weak points of your IoT infrastructure before the hackers do.
If an IoT system isn’t sufficiently secured, it becomes vulnerable, especially via such relatively simple – and sometimes legal – techniques as MAC spoofing.
It’s very difficult to completely prevent MAC spoofing. However, there is a set of measures which can drastically decrease the probability of a hacker attack: identifying, registering and constantly monitoring all endpoints of your IoT infrastructure.