The full potential of the Internet of Things (IoT) is still not very clear, but one thing it will do for sure is connect more things and make them smarter. The always connected nature of this technology means it could potentially be accessed at any given time. Therefore, the announcement by Vectra Networks about the vulnerabilities in IoT devices creating hidden backdoors for persistent attacks is not a big surprise to industry insiders, or even consumers for that matter.
A survey conducted by Auth0 in November of 2015 revealed just as much, with 52 percent of consumers stating most IoT devices in the market don’t have the necessary security in place as of right now. The number almost doubles when developers were asked the same security question, with nine in 10 or Ninety percent coming to the same conclusion.
The backdoor gateways were discovered by Vectra Threat Labs on a popular security Wi-Fi cameras. The lab, which is a research arm of Vectra Networks brings together its expertise in security research and data science to identify anomalies in networks and find out the cause or causes for the observed behavior.
The company said, devices such as Wi-Fi security web cameras can be hacked and reprogrammed to service as permanent backdoors. Once the backdoors have been established, the hackers can launch attacks without being detected using traditional security products.
“Consumer-grade IoT products can be easily manipulated by an attacker, used to steal an organization’s private information, and go undetected by traditional security solutions,” said Gunter Ollmann, CSO of Vectra Networks.
The reason IoT devices are vulnerable is because they are low in value, as it relates to cost. The low cost and other considerations has resulted in manufacturers and developers limiting the security protocols to protect the devices. Hackers are aware of these targets, and they have now made IoT devices one of the vectors for breaching networks. It is much easier hacking into a device that doesn’t have the processing power or memory to run antivirus or other security software.
The experiment by Vectra Threat Labs was carried out on a D-Link (News - Alert) Wi-Fi camera that was purchased for around $30. The researchers then programmed the camera to act as a network backdoor without disrupting its operation as a camera successfully. Once Vectra found out about the vulnerability, it informed D-Link in early December 2015. However, a solution hasn’t been found or disclosed as of Jan. 7, 2016, this according to Vectra.
Ollman points out, “Most organizations don’t necessarily think of these devices as miniature computers, but essentially they are in that they can still give attackers access to sensitive company information, particularly because they are connected to the corporate network.” And until everyone realizes the connected IoT devices are just as valuable as other digital assets connected to the organization’s network, they will be exploited by hackers in greater numbers as the deployments increase.