IoT devices are increasingly used for DDoS attacks and a majority of these IoT security attacks originate in China and the U.S.
Internet of Things (IoT) devices are increasingly being used for carrying out IoT security attacks, in particular distributed denial of service (DDoS) attacks. DDoS attacks are the main purpose of IoT malware. Not only the number of attacks is on the rise, many of those go unnoticed as most IoT devices get plugged in and forgotten, warns security firm Symantec in a new report. “Many don’t get any firmware updates or owners fail to apply them and the devices tend to only be replaced when they’ve reached the end of their lifecycle. As a result, any compromise or infection of such devices may go unnoticed by the owner and this presents a unique lure for the remote attackers.” Devices used by cyber criminals include home networks, routers, modems, CCTV systems and industrial control systems.
The most common method for distributing malware consists of a scan for random IP addresses with open Telnet or SSH ports, followed by a brute-force attempt to login with commonly used credentials, Symantec found. The security firm also found that default passwords are rarely changed. “The current IoT threat landscape shows that it does not require much to exploit an embedded device. While we have come across several malware variants exploiting device vulnerabilities – such as Shellshock or the flaw in Ubiquiti routers – the majority of the threats simply take advantage of weak built-in defenses and default password configurations in embedded devices,” Symantec said.
2015 saw the emergence of no fewer than eight new malware families and was a record year for IoT security attacks. Symantec also found that in 2016, more than half of all IoT security attacks originated in China and the U.S. A total of 34 percent of attacks originated in China and 26 percent in the U.S. Russia was ranked third (9 percent), followed by Germany (6 percent), the Netherlands (5 percent), and Ukraine (5 percent). Vietnam, the U.K., France, and South Korea were also part of the top ten.
IoT privacy also neglected
Security is however not the only issue IoT device makers need to fix. The Global Privacy Enforcement Network (GPEN), an international network of 59 data protection and privacy enforcement agencies from around the world, has found that device makers fail on IoT privacy too. Looking at 300 IoT devices in 25 countries, GPEN found that 60 percent of IoT devices failed to give sufficient information to consumers on how data is collected, used and shared with third-parties. A total of 72 percent failed to inform consumers on how they could erase their data from IoT devices, while another 38 percent failed to provide contact details for privacy queries. A vast majority of devices, 93 percent, did not clearly specify if or how users could delete information remotely in case of device loss or theft. The study also found that some mobile health devices sent unencrypted e-mail reports to general practitioners.
IIoT News Recap: Ikea launches plug & play smart lighting solution; BMW, Daimler and Volkswagen share real-time traffic data via Here maps; Ssangyong, LG Uplus, Tech Mahindra to develop connected car platform; Snapchat ventures into wearables with glass-mounted camera
Smart home: Ikea launches plug & play smart lighting solution
Following up on its smart home strategy, furniture giant Ikea announced the launch of a collection of plug & play wireless LED lights, light panels and light doors. As a first step in its smart home strategy, Ikea launched furniture integrating wireless charging last year. The new plug & play LED collection will be launched as a pilot in Sweden, the Czech Republic, Italy and Belgium in October this year, followed by a rollout in Europe and North America in April 2017.
Connected car: BMW, Daimler and Volkswagen share real-time traffic data via Here maps
BMW, Daimler and Volkswagen, the three automakers which acquired Here from Nokia last year, have agreed to share real-time visual traffic data gathered via car sensors and make it available to Here users. The data will be collected from brakes, windshield wipers, headlights, location systems, cameras and other sensors, and translated into alerts in Here, Reuters reports. The map service will be launching a set of new services using this data in the first half of 2017.
Connected car: Ssangyong, LG Uplus, Tech Mahindra to develop connected car platform
South Korean automotive manufacturer Ssagyong Motor, a subsidiary of India’s Mahindra & Mahindra, signed a memorandum of understanding (MoU) with IT affiliate Tech Mahindra and operator LG Uplus to develop a platform for the connected car, the Investor reports.
Wearables: Snapchat ventures into wearables with glass-mounted camera
Snap, the company formerly known as Snapchat, announced the launch of “Spectacles”, a wifi- and bluetooth-enabled, wireless video camera mounted on sunglasses. The device can take a day’s worth of snaps on a single charge, Snap said in a statement. The new wearable device transfers pictures automatically to the app in a new, circular, video format. The company, which now calls itself a camera company, has yet to specify a launch date.
