The FBI announcement warns that bad actors could be using IoT devices as proxies for anonymity and pursuit of malicious cyber activities.
The FBI has issued a public service announcement warning of the potential for serious cyber attacks on IoT networks. The alert states that cyber attackers can and do use IoT devices as anonymous proxies for the purposes of malicious activities, which is nothing new to those in the industry, who have been saying for years that the IoT has severe security issues that essentially make it wide open for the taking.
“Cyber actors actively search for and compromise vulnerable Internet of Things devices for use as proxies or intermediaries for Internet requests to route malicious traffic for cyber-attacks and computer network exploitation. IoT devices sometimes referred to as “smart” devices, are devices that communicate with the Internet to send or receive data.
Examples of targeted IoT devices include: routers, wireless radios links, time clocks, audio/video streaming devices, Raspberry Pis, IP cameras, DVRs, satellite antenna equipment, smart garage door openers, and network attached storage devices,” the FBI says in the warning.
The warning goes on to explain that IoT proxy servers are attractive to hackers and cybercriminals because they transmit all internet requests through the device’s IP address, affording them a level of anonymity. IoT devices in developed nations are particularly sought after as they allow access to business websites that block traffic from foreign or shady IPs. Using an IoT device makes it very difficult to discern malicious traffic from regular traffic.
The alert includes a list of things to look for if you’re trying to figure out if a device or network has been compromised as well as a list of things to do to secure your network and devices, such as using a firewall, regularly rebooting devices, changing default usernames and passwords, and making sure firmware is always kept up to date with any released patches installed. Until device manufacturers finally get their act together it’s up to owners to make sure their devices and networks are secure.