Device makers must treat security as a primary design parameter rather than an afterthought.
In mid-October, cyber criminals targeted Internet infrastructure company Dyn with a “massive and sustained” DDoS attack that focused on the company’s DNS infrastructure. The cyber offensive disrupted access to a number of major sites including Twitter, Amazon, Tumblr, Reddit, Spotify and Netflix. Perhaps not surprisingly, the massive DDoS attack was conducted with the help of various hijacked IoT devices such as CCTV video cameras and digital video recorders.
Following the Dyn attack, surveillance-camera manufacturer Hangzhou Xiongmai Technology Co., Ltd., confirmed it had issued software patches and planned to recall webcams from the U.S. As the Wall Street Journal reports, Xiongmai “pushed back” against the idea that its devices played a key role in the attack, yet stated that it nevertheless wanted to “face the problem head-on and put customers’ interests first.”
Protecting Internet infrastructure companies from DDoS attacks that target DNS infrastructure can be quite challenging, as it is often difficult to shield the IP layer from a concerted cyber offensive. However, it is important to note that the impact of DDoS attacks can be somewhat mitigated by depriving botnets and their controllers of defenseless “zombie” devices. This means the device itself needs to be protected to prevent companies such as Xiongmai and others from falling prey to malicious cyber criminals.
Put simply, in order to add a device to a botnet and give it commands, the attacker needs to establish a communication channel with the compromised device. To prevent this, only a legitimate, verified cloud service should be allowed to talk to the device. Although manufacturers who have their devices used in a botnet do not see a direct loss (because it is not their service that is attacked), they do incur indirect losses, including recalls and a badly bruised reputation.
Xiongmai, of course, is not the only IoT company facing critical security issues. Indeed, the vast majority of IoT devices are vulnerable to attack, rarely receive major firmware updates and are only replaced upon reaching the end of their respective lifecycles or in the event of a massive recall. Clearly, IoT device manufacturers need to adopt an entirely new approach to security, one that would see a silicon-based hardware root-of-trust embedded into the device application processor itself and/or the communication chipset. In addition to enabling secure connectivity and mutual authentication, a hardware root-of-trust can also facilitate secure over-the-air updates.
This means each IoT device can be uniquely and cryptographically verified to determine if it is authorized to connect to a specific service. Infected and hijacked devices that are not authenticated are denied access to the service, which will, in turn, reduce the effectiveness (and damage) of a DDoS attack on the service provider.
As DDoS attacks increase in both frequency and impact, the industry is slowly beginning to realize that it can no longer be “business as usual,” with IoT security treated as an afterthought rather than a primary design parameter.