With more botnets being built from IoT devices, securing and cleaning those devices is more important than ever. There has been a rise in high-profile infections such as Aidra, Mirai, and now Linux/IRCTelnet, which infected over 3,500 devices in five days.
Although these lightweight devices generally lack built-in security support, there are some best practices to reduce the risk of infection.
1. Reboot the device
If you think your device has been taken over by malware, the first step is to reboot it and take it offline. Most of the current infections lack persistence, which means a simple reboot will remove the infection.
The command and control server does keep a list of the IP addresses, however, so if the device comes back online without any changes it can be re-infected.
2. Update credentials
Change the default login credentials. This seems like a no-brainer, but a recent infection of IP webcams was the result of login credentials being left unchanged. Follow password best practices and do not reuse passwords across multiple devices.
3. Disable telnet connections
Telnet is often used to manage devices and adjust configurations. Disabling telnet makes it harder for the cameras to be remotely infected and controlled. Though telnet may be needed for initial deployment, leaving it enabled afterward is a high risk.
4. Disable SSH
Like telnet, SSH is used on some embedded systems for remote management and configuration. Default or hard-coded passwords weaken its security. Disabling SSH after deployment removes an attack vector.
In conclusion, only give an IoT device access to the internet when necessary. If the device is a sensor, keep it off the internet until you need to poll for the data.
Keep the device behind a firewall and reduce the number of open ports. Monitor the traffic for high bandwidth usage during non-peak times and anomalies. Once an anomaly is detected, power off the device and look for a resolution.
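The off-peak bandwidth check described above, as an added example that is not part of the original article: it flags hours in which a device sends far more than its own off-peak baseline. The device names, byte counts, off-peak window and thresholds are constructed assumptions to tune for your network.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

OFF_PEAK_HOURS = range(0, 6)  # assumption: 00:00-05:59 local time is non-peak
SPIKE_FACTOR = 10             # assumption: alert at 10x the device's usual volume
MIN_BYTES = 1_000_000         # assumption: ignore hours under 1 MB sent

# Constructed sample data: (device, start of hour, bytes sent during that hour).
SAMPLES = [
    ("cam-01", "2016-10-29T02:00", 40_000),
    ("cam-01", "2016-10-30T02:00", 55_000),
    ("cam-01", "2016-10-31T03:00", 48_000),
    ("cam-01", "2016-11-01T14:00", 900_000_000),  # daytime upload, outside the window
    ("cam-01", "2016-11-02T03:00", 250_000_000),  # night-time spike
    ("sensor-02", "2016-10-29T01:00", 5_000),
    ("sensor-02", "2016-10-30T01:00", 6_000),
    ("sensor-02", "2016-10-31T01:00", 5_500),
    ("sensor-02", "2016-11-02T01:00", 80_000),    # 14x baseline but below MIN_BYTES
]

def off_peak_alerts(samples, history_min=3):
    """Return (device, hour, bytes, baseline) for off-peak hours far above baseline."""
    per_device = defaultdict(list)
    for device, stamp, sent in samples:
        when = datetime.fromisoformat(stamp)
        if when.hour in OFF_PEAK_HOURS:
            per_device[device].append((when, sent))

    alerts = []
    for device, rows in per_device.items():
        rows.sort()  # oldest first, so each hour is judged against earlier ones only
        for i, (when, sent) in enumerate(rows):
            earlier = [b for _, b in rows[:i]]
            if len(earlier) < history_min:
                continue  # not enough history to judge this device yet
            baseline = median(earlier)  # median resists being skewed by one past spike
            if sent >= MIN_BYTES and sent > SPIKE_FACTOR * baseline:
                alerts.append((device, when.isoformat(timespec="minutes"), sent, baseline))
    return alerts

if __name__ == "__main__":
    for device, hour, sent, baseline in off_peak_alerts(SAMPLES):
        print(f"{device}: {sent} bytes at {hour} (off-peak baseline {baseline})")
```

An alert from this check is the cue for the response above: power off the device and look for a resolution before reconnecting it.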
These types of attacks are only going to get more robust and more capable. Balancing the risk/reward is going to be difficult for companies deploying IoT devices and for the manufacturers creating them.
Using best practices for passwords, reducing unnecessary features, and monitoring the traffic from the devices are going to be key to protecting your organization and the devices being targeted.