Are Botnets Using My Device?
How to prevent security problems with IoT technology
At the risk of sounding like a B-movie plot, your internet connected appliances could be ganging together with other smart devices, web cams and Wi-Fi routers in the neighborhood to plot a massive cyber-attack.
To be fair, the friendly metal box that keeps your groceries chilled is not to blame. It is an overall lack of security in the circuitry of Internet of Things (IoT) devices such as smart appliances, home alarm systems, thermostats, baby monitors, pool heater controls, door cameras and other items connected to the internet that can be accessed and controlled by cybercriminals.
Couple consumers passion for internet connected gadgets with vulnerable wireless routers and computers, and an entire network of malware infected devices, called a botnet, can be activated and remotely controlled by botmasters to orchestrate a large-scale attack. Because botnets invade at a level deeper than normal viruses, users often don’t know their system is infected.
The problem is real, and very serious. Compromised home devices have already caused immense internet outages. Using millions of botnet-infected member devices, Dyn, a New Hampshire-based company that monitors and routes Internet traffic, was hit with a massive denial of service (DDoS) attack in 2016, when a botnet flooded servers with millions of fake requests for information, knocking them offline and taking down a significant portion of the internet.
Industry experts predict if there is not an immediate and radical change to security of IoT devices, botnets could take down the entire internet in the future. Botnets also commit e-banking fraud and illegally mine cryptocurrencies such as Bitcoin.
How Botnets Work
The term botnet was coined from combining robot with network. A bot in this case is a device, such as a smart refrigerator connected to the internet through your home wireless router, that becomes infected by malware, which then becomes a soldier in a network army of infected devices controlled by a single attacker or attack group.
Botnet malware scans the internet for vulnerable devices. One area of potential weakness are devices and wireless routers that don’t have a secure password. Once enough devices are infected, botnets carry out automated tasks, such as diverting fraudulent traffic to certain fake web advertisements.
One smart refrigerator will not have enough bandwidth to cause much damage, but combine that with millions of devices from homes across a wide geographic area, and a cybercriminal has enough power to launch a major attack.
Preventing Botnet Attacks
Botnets are hard to detect, even on a computer, because they operate on a deeper level than most anti-malware software can detect. But there are a few things consumers can do to prevent a botnet invasion.
Protect Your Router
It is crucial for all home users to reset the factory password that came with their regular or Wi-Fi internet router. Default factory passwords are easily obtainable. Hackers can discover an unprotected router, or hack into one with a factory password, within a few hours of connecting to a network.
If your router is older than five years, consider replacing it so that the security protocols stay up to date.
Create a strong Wi-Fi password with a unique combination of upper and lowercase letters, numbers and symbols. When setting up your network, use a strong form of Wi-Fi encryption such as WPA2.
Help your parents, grandparents and other seniors in your life with router passwords and setting up a secure home network. If it is not in your wheelhouse, a mobile computer service person can do this task for an affordable rate—just make sure they are licensed and bonded. You don’t want the neighbor kid having your crucial passwords.
Bluetooth wireless devices are relatively secure because they operate over a short range and are therefore not efficient to join an army of infected devices.
The Only Protection From a Vulnerable Device is to Not Use it
Be suspicious of every device that connects to the internet. There are so many out there, to come up with a complete list would be impossible. Part of the issue is that creating stronger security is expensive, and often, device manufacturers are unwilling to add to their costs. Many IoT devices do not come password protected, or if they do, passwords are hardwired and users are not allowed to make changes.
Use Reputable Products That Can Clearly Explain Their Security Protocols
There are companies that take security of internet connected devices seriously. For example, the company Nest, which makes products such as smart home security systems and thermostats, has never had a botnet security issue to date. However, the Chinese electronics firm Hangzhou Xiongmai Technology, who also makes internet connected webcams were a big part of the botnet that took down several popular websites, according to the BBC.
Change Your Device Password
When purchasing an IoT device, change the password before connecting to the Internet. In addition to poor security protocols on Hangzhou Xiongmai Technology circuit boards, the company claims that affected consumers also had not changed their device password during set up, and were partly responsible for the botnet attack.
Use Cloud Connectivity
While not foolproof, products using cloud connectivity instead of a home network are not as much of a threat. But it is recommended here as well to use higher-quality items and cloud services from major companies like Google that take security seriously.