Page 67 - Cyber Warnings
P. 67
• Cloud-based IoT – Most IoT devices have a cloud-based application that helps to
manage the device. When these cloud services have poor security, they’re a prime
target for hackers. After infiltrating the cloud service, attackers typically gain access to a
plethora of user account information and devices. So essentially, access to one device is
access to all devices associated with the service.
What is a real-world example of one of these attacks? In September/October of 2016, the Mirai
botnet emerged. It took down Brian Krebs’ website, Netflix, Twitter and more. It exploited IP
cameras, DVRs, and other common household routers by scanning open ports connected to the
Internet and then trying 61 common user name and password combinations that were found in
manufacturer user guides.
The process wasn’t rocket science, and once they gained access, hackers had control of these
devices and used them to launch the world’s largest DDOS attack against cloud DNS host Dyn.
This caused the aforementioned sites to crash. The attack came from more than 160 countries,
showing just how vulnerable IoT devices are across the globe.
While Mirai was not a Wi-Fi vulnerability per se (it happened over a wired network), it did bring
IoT security into the headlines once again, highlighting the fact that Wi-Fi is a major IoT attack
vector for hackers.
MiTM attacks are often used to gain access to Wi-Fi networks, and once in, hackers can search
for vulnerable IoT devices and plant back-door malware that will give them access to a network
from anywhere in the world.
Think about the impact this can have on today’s devices. For example, telemedicine devices like
home heart monitors or blood pressure sensors gather information and send them back to
physicians over Wi-Fi. These little computers are just as vulnerable as DVRs and webcams. Or,
what about Point of Sale (POS) systems?
More and more businesses are running payment-processing systems across a Wi-Fi connected
tablet. These tablets can be compromised using MiTM attacks and malware, resulting in stolen
payment card information or worse. And the list goes on with connected cars, printers, kitchen
appliances, thermostats, light bulbs, industrial systems and more.
If the lack of security on the majority of these devices isn’t scary enough, imagine them all
connecting to a massive, city wide public hotspot.
That’s what’s happening today and it’s called Municipal Wi-Fi. Municipal Wi-Fi is designed to
allow all devices within range to connect to an open, unsecured Wi-Fi network.
Think the local mall on a small scale, but entire cities on a large scale. For example, today,
South Africa has one of the largest municipal Wi-Fi networks, which supports connections from
1.8 million unique devices.
67 Cyber Warnings E-Magazine – June 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
