Protect Your IoT Designs from Malware
12/18/2017 08:00 AM EST
Recent malware attacks such as BrickerBot are a call to action to improve security in products designed for the Internet of Things.
The latest malware targeted wireless access points and routers, turning them into botnets. Once infected, the malware wipes the device, leaving it inoperable.
For example, BrickerBot disables vulnerable IoT devices and turns them into “bricks” by rewriting their flash storage with random data. With BrickerBot, an infected device may require a firmware re-flash to make it work again.
Recently, a vigilante grey-hat hacker, code-named Janit0r, took responsibility for BrickerBot claiming, “I have killed over 200K telnet devices since November…you have probably seen a drop in your bot counts by now.”
While this hacker’s actions are illegal, some hope that it will encourage IoT manufacturers to improve their security. Unfortunately, not all manufacturers develop devices with security in mind.
Here are a few simple steps that can make a big difference:
- Provide software patches as new vulnerabilities are discovered
- Provide routine automatic software updates
- Designate a point of contact if a security issue occurs
- Implement encryption for updates
Traffic that flows between devices and the manufacturer’s servers needs to be encrypted. Any sensitive user data that is stored on the device needs to be encrypted as well.
Provide ways users can check that their patches are kept up-to-date. It should be simple for users to set alerts and notifications and to test and verify the security features of their IoT devices.
Some manufacturers like to create back doors in their products to allow them to provide support. However, this can be a serious security concern and may compromise the integrity and security of the user.
Developers need to use secure coding practices during their build process and ensure it is part of their quality assurance. Ensure devices ship with a reasonably secure password that users must update to a stronger password.
Most distributed denial-of-service attacks rely on easy to exploit vulnerabilities and strength in numbers. If manufacturers take responsibility for preventing malware infections, they can reduce the problems greatly.
-- Rudy Ramos is a project manager in the technical content marketing team at Mouser Electronics.
