Akamai finds longtime security flaw on 2 million Internet of Things devices | WIRED

https://www.wired.com/2016/10/akamai-finds-longtime-security-flaw-2-million-devices/

It’s well known that the Internet of Things is woefully insecure, but the most shameful and frustrating part is that some of the vulnerabilities that are currently being exploited could have been eradicated years ago. Now evidence of how these bugs are being used in attacks is calling attention to security holes that are long overdue to be plugged.

Hackers are abusing weaknesses in a cryptographic protocol to commandeer millions of ordinary connected devices—routers, cable modems, satellite TV equipment, and DVRs—and then coordinate them to mount attacks. Akamai estimates that more than 2 million devices have been compromised by this type of hack, which it calls SSHowDowN. Many IoT manufacturers either don’t incorporate up-to-date SSH or are oblivious to the best practices for SSH when setting up default configurations on their devices. “This is something we’ve known about for a dozen years,”

The Akamai researchers found that hackers have been able to establish unauthorized SSH connections, called “tunnels,” with IoT devices to then route malicious traffic as part of command and control infrastructure.

“Embedded devices still tend to run old software stacks that have not been vetted and that either don’t implement security at all, don’t implement it properly, or might implement security but leave default passwords on there,”

Concern about Internet of Things insecurities has grown as more attackers use the type of approach Akamai describes.

Examples of what such attacks can do can be found at Brian Krebs site hit with 665 Gbps DDoS attack; Largest Internet has ever seen (the highest at the time, but it has already been topped) and IoT used for censorship and more postings.

It’s time to protect IoT devices.

 

 

 
