Invisible Networks: The Threat We Don’t See
Quite recently, Simon & Schuster published “The Third Wave: An Entrepreneur's Vision of the
Future,” Steve Case’s first book. If you
don’t know him, Steve Case is AOL’s co-founder and long-time chief executive.
We won’t go into the book in detail, but we’re still interested in its main premise: that the
future is reserved for the pioneers of the Internet of Things (IoT), just as the present is for
Google and Facebook.
However, if history has taught us anything, it’s that risks tend to increase with progress. And the
Internet of Things is not an exception.
Cyber Threats to Worry About
It’s only normal that as the number of IoT devices grows, the number of cyber threats is also on
the rise. The reason is fairly simple: computers and mobile phones
have long stopped being the only devices connected to the internet. However, antivirus software has
not really adjusted to the variety of operating systems we are dealing with on an everyday basis.
Really: just think of the sheer number of new gadgets!
Smart home devices (refrigerators, domestic vacuum cleaners, smart thermostats, washers, etc.), smart grids
and virtual power plants, wearable healthcare
devices and miscellaneous medical equipment, rescue mission robots, and even pharmaceutical
drugs! And we can go on!
Well, all of these IoT devices need a network connection. And we guess you can already sense where
the main threat comes from.
The Origin of the Threat
It’s not exactly a secret that nowadays both our houses and our offices are stuffed with various
smart devices, regardless of whether we need them or not.
We use some of these devices to access the Internet directly and send/receive information from other
devices. The majority of them are active elements of a large network, in a way which is invisible to
us.
The main threat, however, isn’t these devices per se. The threat actually comes from a host of
unregistered devices.
Recently, in a paper published by ISACA, John Pironti, president and chief information risk
strategist at IP Architects, wrote:
“IoT devices are likely to be built by numerous manufacturers, on multiple open source and
proprietary operating systems, and have various levels of computing power, storage, and network
throughput. Each IoT endpoint will need to be identified and profiled, added to an asset inventory,
and monitored for their health and safety.”
The issue is the following: most information security officers at larger organizations can’t
really keep track of the number of gadgets connected to the internal network on a daily basis,
because some of these gadgets are quite innocuous, for example UPSs for backup battery power.
However, with sufficient knowledge, one can use almost any one of these unregistered devices as an
access point to the whole inner network.
So, in a nutshell, someone can steal some very critical data from you and demand a large ransom
for it, all because of a forgotten UPS.
But, How Does It Work?
To be able to connect to the Internet, every smart device needs a dedicated hardware element, a
network interface controller (NIC). Every NIC has its own identifier, a MAC (Media Access Control)
address. To establish a connection to the Internet, the IP (Internet Protocol) address (which is a
“software” address) has to be associated with the MAC address (which is a “hardware” address) by
means of the Address Resolution Protocol (ARP).
The technique used by hackers most often is called MAC spoofing. Loosely speaking, it means changing
the MAC address of a device in order to imitate the behaviour of another device. It allows a hacker
to access a network as an authorized user via an unauthorized device.
One of the earliest cases of MAC spoofing due to the weak security of IoT gadgets happened back in
2013 when houseware devices started sending spam emails. David Knight, general manager of the
information security division at Proofpoint, pointed out on the occasion:
“Many of these devices are poorly protected at best and consumers have virtually no way to detect or
fix infections when they do occur. Enterprises may find distributed attacks increasing as more and
more of these devices come on-line and attackers find additional ways to exploit them.”
What You Can Do to Protect Yourself
Although there is no panacea for protecting devices from MAC spoofing, there’s a certain set of
actions which may help you strengthen your system’s security.
1. Identify All Access Points
There are many services which provide the option of a complete network analysis. These can help you
identify how many devices are connected to your inner network. Every device which looks suspicious
is most likely not secured and can be used as an access point to your network by hackers.
2. Analyse Connected Devices
After identifying all access points, you may need to analyse the devices themselves, one-by-one.
This way, you can figure out whether each of them behaves in the manner it should. The Reverse
Address Resolution Protocol (RARP) may help you detect MAC spoofing.
RARP is applied to map a MAC address to an IP address; if it returns more than one IP per MAC, it
means that there are real reasons to worry. Consequently, you should continue the investigation by
searching the local area network (LAN) for duplicate MAC addresses. And, of course, strengthen the
system security.
3. Secure All Network Elements
Every IoT device connected to the network needs some protection. That’s why it’s important to
evaluate all the technologies used by the operating system of the respective device. I recommend
taking a look at a document provided by the GSMA. It describes the main guidelines for creating
secure endpoint
ecosystems. And it’s more than useful.
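The checks from steps 1 and 2, as an added example that is not part of the original article: it parses a constructed neighbour-table dump in the `ip neigh show` format, flags any MAC address mapped to more than one IP, and lists MACs missing from an asset inventory. The sample lines, the inventory and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format printed by `ip neigh show` on Linux.
SAMPLE_NEIGH = """\
192.168.1.20 dev eth0 lladdr 00:11:22:33:44:20 STALE
192.168.1.35 dev eth0 lladdr 00:11:22:33:44:35 REACHABLE
192.168.1.77 dev eth0 lladdr 00:11:22:33:44:20 REACHABLE
192.168.1.90 dev eth0 lladdr 00:11:22:33:44:90 DELAY
192.168.1.99 dev eth0  FAILED
"""

# Constructed asset inventory (MAC -> device name); note the mixed notation.
INVENTORY = {
    "00:11:22:33:44:20": "ups-server-room",
    "00-11-22-33-44-35": "thermostat-lobby",
}

LINE_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+\S+\s+lladdr\s+"
    r"(?P<mac>[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})\b"
)

def normalize_mac(mac):
    # Lower-case and use ':' so 00-11-.. and 00:11:.. compare equal.
    return mac.lower().replace("-", ":")

def parse_neighbours(text):
    """Return {mac: set(ips)}; entries with no resolved MAC are skipped."""
    table = defaultdict(set)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            table[normalize_mac(m["mac"])].add(m["ip"])
    return dict(table)

def audit(text, inventory):
    """Return (MACs seen on more than one IP, MACs not in the inventory)."""
    table = parse_neighbours(text)
    known = {normalize_mac(mac) for mac in inventory}
    multi_ip = {mac: sorted(ips) for mac, ips in table.items() if len(ips) > 1}
    unregistered = sorted(mac for mac in table if mac not in known)
    return multi_ip, unregistered

if __name__ == "__main__":
    multi_ip, unregistered = audit(SAMPLE_NEIGH, INVENTORY)
    for mac, ips in multi_ip.items():
        print(f"[!] {mac} is mapped to {len(ips)} IPs: {', '.join(ips)}")
    print("[?] not in asset inventory:", ", ".join(unregistered))
```

A MAC that shows up with several IPs is a lead to investigate, not proof of spoofing: routers and multi-homed hosts legitimately answer for more than one address.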
The Good Sides of MAC Spoofing
We feel obliged to note that MAC spoofing has some good applications as well. Sometimes, for
example, it’s used to create a wireless connection with the network, which means that you can modify
the MAC address of your device to make it recognizable by the network. This doesn’t imply by itself
that you have any hidden intentions.
Moreover, MAC spoofing is a useful technique in penetration testing. Penetration testing is employed
to test the security of a system. And since it works as a sort of a simulated hacker attack (that’s
why it’s also called ethical hacking), it can help you identify the weak points of your IoT
infrastructure before the hackers do.
Conclusion
If an IoT system isn’t sufficiently secured, it becomes vulnerable, especially via such relatively
simple – and sometimes legal – techniques as MAC spoofing.
It’s very difficult to completely prevent MAC spoofing. However, there is a set of measures which
can drastically decrease the probability of a hacker attack: identifying, registering and constantly
monitoring all endpoints of your IoT infrastructure.