
IoT security and the Mirai Botnet

IoT, also known as the Internet of Things, consists of a series of smart devices which are connected to the Internet and can share data. There are billions and billions of IoT devices out there, and they perform various functions.

Smart fridges can purchase fresh vegetables for you the minute you run out of baby carrots for your daily smoothie, for example. Other IoT devices can email you whenever your plants need water. Some people rely on Internet of Things devices to control lighting in their homes, while hospitals utilize IoT to monitor and log their patients' data.

The Internet of Things isn't without its problems, though. To begin with, the very fact that billions of devices can exchange and even process data poses several serious security risks. And the problem is now bigger than ever, because the first generation of IoT devices, which are still used by millions of people, wasn't built with data security in mind.

This explains why several smart TV manufacturers have sold lots of poorly secured television sets, which allowed attackers to get access to the built-in TV cameras, for example. Sadly, most Internet of Things devices are small, and it is really difficult to build tiny, inexpensive, powerful devices that also incorporate robust security features.

Often, criminals will use compromised IoT devices to attack other networks. Back in 2016, a huge army of vulnerable home routers, security cameras, electronic gadgets and all sorts of other gizmos triggered one of the largest cyber attacks in history using the Mirai botnet.

A botnet consists of a number of Internet-connected gadgets which have been infected using a malware application, and can now be controlled remotely by a third party. Often, gadgets are infected without the owners knowing anything about it, because the infected devices continue to run normally. Still, people who monitor their network traffic will discover that an infected device will utilize more bandwidth than before.

By making use of lots of devices, cyber villains can build the equivalent of a huge supercomputer, which can then be used for their nefarious purposes.

The Mirai botnet is able to run on various CPUs, including the ones that are utilized by the most popular PCs and mobile devices. It scans the huge blocks of IP addresses which are commonly used by IoT devices, looking for open telnet ports, and then tries to log in by using the default user names and passwords. There are two key security issues here, and (sadly) they make the hacking process a breeze:

- Many Internet of Things devices don't even have a user/pass login feature;

- Most IoT device users don't bother to change the default user names and passwords.

This makes it really easy for hackers to get access to thousands of vulnerable security cameras, for example, and then coordinate a large-scale DDoS attack against the desired website(s). In a nutshell, the target server will receive lots of requests from the infected IoT devices, and it will be unable to cope with so many simultaneous requests and responses. As a consequence, the server will be knocked offline, and can be kept that way until the targeted company fixes the problem, or pays the hacker the requested amount of money.
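The telnet scanning described above is visible from the defender's side in network flow logs: an infected device suddenly tries port 23 on many outside addresses, and an exposed device accepts telnet from outside. The following is an added example, not part of the original article; the log format, LAN range, threshold and all addresses are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

TELNET_PORT = 23                          # the telnet port the article says is probed
LOCAL_NET = ip_network("192.168.1.0/24")  # assumed LAN range
FANOUT_THRESHOLD = 5                      # assumed: distinct outside targets before flagging

# Constructed flow records: "timestamp src_ip dst_ip dst_port tcp_state"
SAMPLE_FLOWS = """\
2024-01-01T00:00:01 192.168.1.50 198.51.100.11 23 SYN_SENT
2024-01-01T00:00:01 192.168.1.50 198.51.100.12 23 SYN_SENT
2024-01-01T00:00:02 192.168.1.50 198.51.100.13 23 SYN_SENT
2024-01-01T00:00:02 192.168.1.50 198.51.100.14 23 SYN_SENT
2024-01-01T00:00:03 192.168.1.50 198.51.100.15 23 SYN_SENT
2024-01-01T00:00:03 192.168.1.50 198.51.100.16 23 SYN_SENT
2024-01-01T00:00:04 192.168.1.10 203.0.113.80 443 ESTABLISHED
2024-01-01T00:00:05 192.168.1.10 192.168.1.1 23 ESTABLISHED
2024-01-01T00:00:06 203.0.113.7 192.168.1.60 23 ESTABLISHED
2024-01-01T00:00:09 not-an-ip 198.51.100.20 23 SYN_SENT
"""

def parse_flow(line):
    """Return (src, dst, port, state), or None if the line is malformed."""
    try:
        _, src, dst, port, state = line.split()
        return ip_address(src), ip_address(dst), int(port), state
    except ValueError:  # wrong field count, bad IP or bad port
        return None

def find_telnet_scanners(log_text, threshold=FANOUT_THRESHOLD):
    """Flag local devices that try telnet on many distinct outside hosts."""
    targets = defaultdict(set)
    for flow in filter(None, map(parse_flow, log_text.splitlines())):
        src, dst, port, _ = flow
        if port == TELNET_PORT and src in LOCAL_NET and dst not in LOCAL_NET:
            targets[src].add(dst)
    return {str(s): len(d) for s, d in targets.items() if len(d) >= threshold}

def find_exposed_telnet(log_text):
    """List local devices that accepted a telnet session from outside the LAN."""
    flows = filter(None, map(parse_flow, log_text.splitlines()))
    return sorted({str(dst) for src, dst, port, state in flows
                   if port == TELNET_PORT and state == "ESTABLISHED"
                   and dst in LOCAL_NET and src not in LOCAL_NET})

if __name__ == "__main__":
    print("possible infected devices:", find_telnet_scanners(SAMPLE_FLOWS))
    print("telnet reachable from outside:", find_exposed_telnet(SAMPLE_FLOWS))
```

A device reported by the first function should be isolated and reset; one reported by the second should have telnet disabled or blocked at the router and its default password changed.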

The Mirai botnet consists of two components:

a) The virus, which contains the attack vectors.

b) The control center, which sends instructions to the infected devices.

The hackers who built Mirai have been arrested, but since the source code has been published online, others have built and are using modified versions of the project. This means that IoT devices will continue to be vulnerable, at least until the manufacturers decide to join forces and create a standard that will guarantee device security as well.