Menu

IoT FEATURE NEWS

Stopping Mirai DDoS: What Consumers and Developers Can Do

By Special Guest
Jay Srinivasan, Sr. Director of Engineering at infiswift
October 11, 2016

There’s been a lot of buzz in the news about the huge Mirai DDoS attack that took down the Krebs security blog.  It used IoT gadgets like IP cameras, DVRs, printers and routers as bots to create an attack of over 600 gigabits per second of time-wasting network traffic. The code for this type of attack has now been released as open source, which means we can expect more such attacks in future. This begs the question - What can we as the IoT community do to mitigate these types of attacks? At infiswift, security is paramount and we’ve thought a bit about best practices to curb and respond to DDoS attacks like this in the future.  Here are our thoughts.

As a consumer of IoT devices and services:

  • Change the default passwords on devices like routers, printers, IP cameras and thermostats at your home and office. A good password is one that’s easy for you to remember but very hard to guess due to meaningless combination of words and numbers for example “typhoon42advil”.
  • Turn off unnecessary features and access. For example, turn off remote administration on your devices and unused protocols or services like ICMP and WPS. Also, close network ports that are not absolutely needed.

These two steps can prevent an attacker from remotely taking control of your devices and using them for an attack. Of course stronger security also prevents other attackers from spying on or taking control of your home network. The main issue on the consumer side is that manufacturers and developers have not made taking these actions very easy or customer friendly, which brings us to what developers can do.

As an IoT developer:

  • Enable security by default: Consumers generally prefer convenience over security, so it’s up to the developer to setup security as default.
  • Reduce the attack surface area: One example is instead of always keeping a port on, only turn it on when needed based on a signal from an existing connection and close it after the job is done.
  • Adopt the Principle of Least Privileges: Run a piece of code with the minimal privileges it needs and nothing more. For example, don’t run code that doesn’t require root privileges as root. Instead, create another user with restricted access to the services and system that’s just enough to run the code.
  • Use Source Code Analysis Tools: These can catch issues before shipping code for a release. For example, buffer overruns and integer overflows can be easy targets for an attacker to use as entry points for remote code execution.
  • Use defense-in-depth strategy: Don’t just have one layer of defense. Instead, have multiple layers like two factor authentication so an attacker cannot just break one layer and bring down the whole system.
  • Run your services behind solid DDoS mitigation services.

There have been many advances in terms of protocols and technologies to provide better security over the last few years, so why do we still have these types of attacks? Well, it doesn’t matter what the strongest part of your system is, rather, it’s the weakest link that attackers go for. That old router in the basement which you never bothered with, that old server in your network which you thought would be used to test something, those are the culprits and they’re everywhere. Although it’s not spring cleaning time now, incidents such as the Mirai DDoS are a good reminder for us to do some, hmmm…, fall cleaning!




Edited by Ken Briodagh


SHARE THIS ARTICLE
Related Articles

Merger: NXT-ID and Fit Pay Complete Business Combination

By: Ken Briodagh    5/24/2017

NXT-ID and Fit Pay merger creates comprehensive security, payment and authentication platform for Internet of Things and expands NXT-ID's existing pro…

Read More

Cisco Says New IoT Platform Will Take Projects to Success

By: Ken Briodagh    5/24/2017

Cisco has released a new IoT platform designed to help customers get over the proof-of-concept hurdle and release successful IoT products, solutions a…

Read More

Qualcomm, China Mobile Research Institute and Mobike to Commence LTE IoT Multimode Field Trials

By: Ken Briodagh    5/23/2017

According to a recent announcement, Qualcomm plans to commence the first eMTC/NB-IoT/GSM (LTE Cat M1/NB1 and E-GPRS) multimode field trials in China, …

Read More

New Cisco Survey Indicates That Most IoT Projects Are Failing

By: Ken Briodagh    5/23/2017

A new study conducted by Cisco seems to indicate that 60 percent of IoT initiatives stall at the Proof of Concept (PoC) stage and only 26 percent of c…

Read More

IoT Time Podcast S.2 Ep.28 DMI

By: Ken Briodagh    5/23/2017

On this episode of the IoT Time Podcast, Ken Briodagh sits down with Magnus Jern, Chief Innovation Officer, DMI.

Read More