In the last 20 years, Information Technologies (IT) has made exponential leaps to bring more products and devices into our lives. From smartphones to smart homes, cities, and even countries – we keep discovering new ways to integrate smart devices to enhance and simplify our tasks and activities.
The development of the Internet of Things (IoT) plays a big role in building our modern future. The proper distribution of computational power helps us optimize energy consumption, prolongs the battery life of less demanding devices. The dynamic environment created by IoT is full of hardware that has different requirements. Meeting them with optimal programming and the most suitable power source creates a harmony of devices that complement each other with a joint network.
However, no matter how small some devices might be, the environment built around hardware has many security threats. The protection of IoT devices often remains an afterthought for their owners. With so many targets, cybercriminals can bombard the network with DDoS and other attacks.
Today we will address the dangers of unprotected routers and IoT devices and the safety precautions you can take to limit their exposure.
The emergence of smart environments brings convenience and opportunities to the table, but changes bring unique problems. Here we present the examples of new cybersecurity threats and the tools to ensure their safety.
Telnet – an old wound that plagues internet safety
Telnet is an application layer protocol that provides a two-way communication channel between devices. With a designated port 23, it remains a part of old technology with many security flaws. Telnet still affects modern servers, routers, and IoT devices. But why exactly our technology today still has not adapted to fix these problems? Let’s discuss the ways to stop Telnet security breaches, as well as the consequences of ignorance towards these issues.
Even though we can already replace unsafe communication networks with encrypted protocols, such as SSH, many manufacturers go out of their way to save time and money instead of ensuring the security of produced hardware. The control and communication between small but efficient devices are the keys to creating smart environments. This is the main reason why Telnet is still a very vulnerable wound in our technology. A larger quantity of devices forces us to use cheap hardware that cannot shake away this problem.
And the issue is way bigger than you might expect. Even if you leave a single device with an open port 23 and factory-set login credentials, cybercriminals can use it to start a chain reaction that forces an entire network into a shutdown. This issue can be resolved by using a forward proxy, but most users are unaware of the magnitude of threats that affect these simple devices. If you’d like to better understand the differences between proxy types and the best circumstances for their use, check out the blog post by Smartproxy.
Why would anyone start a Telnet attack?
IoT devices and routers that are exposed to these DDoS and other attacks often become bots when a cybercriminal uses Telnet as a free passage to install malware. Attacks on unprotected devices can sabotage a smart business environment and leave it vulnerable to other security breaches. A hacker that manages to infect one device has a much clearer path to other routers and devices on the same network.
If you believe that your devices have no value to an ambitious hacker, think again. Even if you enjoy smart appliances to bring casual convenience and comfort into your home, the expansion of IoT devices into every field of our lives has brought many new opportunities to cybercriminals.
By injecting malware into unprotected devices, the ever-growing botnet sweeps the world of IoT like a plague. One unprotected device can lead to attacks on your network, which get used for the hacker’s personal gain and the further growth of the botnet. However, a forward proxy can drastically reduce the exposure of your devices.
China and its usage of IoT show the danger of botnets and unprotected devices on a much grander scale. If we do not protect our routers and other hardware, the army of bots will keep growing. As an authoritarian government, China already shows glimpses of a dystopian future of devices infected with government spies. Many countries already experience large-scale botnet attacks, which create new and unique threats to national security. While a single hacker can create direct damage to your well-being through these devices, large botnets only see your device as an addition to the system for further crimes.
The necessary steps for basic device protection
To start off, make sure that none of your routers and IoT devices remain vulnerable to basic Telnet attacks. To stop these threats, make sure to disable Telnet, FTP, and other insecure, unencrypted communication channels.
A lot of internet users that start working with IoT devices and other smart appliances for the first time never see such small pieces of technology as legitimate security threats. Even as a part of a bigger network of devices, a security breach does not look as likely nor deadly as it does with bigger, frequently used electronic devices. Because of it, a lot of cheap hardware remains with factory-set login credentials, leaving an open door for hackers.
By hunting these devices, a single hacker has managed to expose over 500 thousand IP addresses and login credentials of various smart devices.
You can make your smart appliances much safer if you always change default router admin logins and close off Telnet and any other remote access if you are not using them. For an additional layer of safety, make sure to use a forward proxy to protect the network identity of these devices. This is especially important if you have a lot of personal data traveling between your appliances. Use these tips to protect yourself and avoid involuntary contributions to IoT botnets!
Binary Blogger has spent 20 years in the Information Security space currently providing security solutions and evangelism to clients. From early web application programming, system administration, senior management to enterprise consulting I provide practical security analysis and solutions to help companies and individuals figure out HOW to be secure every day.