|
I completely understand how IoT devices were used in the massive DDoS attacks because they are easily manipulated due to lack of firewalls, default passwords, etc. What I don't understand is although easily hacked, most IoT devices are connected to secured private wifi networks. Here's the question: So is it assumed that these thousands of IoT devices' networks were hacked first, then the device itself was hacked? |
||||
|
|
|
The devices are designed to be accessible from outside the home. To offer this service to their owners, they need to be accessible through the firewall. The way they do this is by sending a UPnP packet to the owner's router that tells the router to open a port that connects back to them. They then listen for connections that arrive directly from the internet. In other words, the devices first hacked their own routers by design, which exposed their own vulnerabilities. To protect yourself, disable UPnP on your router. |
|||||||||||||||||
|
|
Your understanding of the attack is not as clear as you think. In this article, Krebs mentioned that the attackers didn't really have to hack the devices. The vulnerability was well known, they just had to scan the internet for those devices. EDIT : After @tlng05 's clarification about the question. |
|||||
|
Yes they are connected to your private wifi networks, But are they secured? Well not so much as pointed by you these device are unprotected by firewalls, IPSs unlike the enterprise networks. Some of them have ancient firmwares, which haven't been updated since ages. And yes some have default passwords still working, So that anyone can easily take access and exploit them for attacks.
Well not necessarily, Although it may be possible in some cases. But mostly these devices are intentionally left exposed to the internet because they are needed to be accessed from anywhere around the world. As pointed out by many examples above, If you want the CCTV footage of your house mostly you would want it live streamed on your handheld device and that is why they are needed to be accessible over internet. They are N number of other examples. Conclusion: To use IoT devices to attack, one doesn't need access to your network. These devices can be directly accessed from internet. What we need to do is protect these devices from such un-authorized accesses and keep our devices safe without having to use expensive devices like firewalls and IPSs. |
|||
|
|
|
While IoT devices are indeed within secure networks, they are largely made such that they are accessible from the internet. For example, the temperature setting of your home is accessible from your phone app when you're at work. This is enabled by a connection being opened up to the internet. This answers why they're able to access the outside world. Now, most IoT devices, or botnets, are not well patched and use loose security configurations. Parts 1 and 2 of the article found here explain this in detail, but to summarize, these devices are infected with malware. They are able to send outgoing messages to the internet (the outside world). And thus, they end up sending the "DoS" message to the target. |
|||
|
|
|
Your misconception is here:
Whilst many home WiFi networks are secured against unauthorised wireless devices connecting directly, many are wide open to access from the wider Internet. It's this access (that's demanded by the IoT devices to perform their legitimate functions) that can be abused (and on a much bigger scale than physically visiting many WiFi networks). The attack surface of a router is on |
|||||
|
