Reaper should act as wake-up call for IoT security
October 26, 2017
In the wake of Reaper, the latest IoT botnet, Paul Lipman, CEO of consumer cyber-security company BullGuard, has urged the security industry and device manufacturers to address the growing threat from unprotected smart devices.
The call follows the discovery of the latest IoT botnet threat, known alternatively as Reaper or IoT Troop, that has already enveloped smart devices on more than a million networks worldwide. Reaper breaks into devices by exploiting software vulnerabilities – evolving beyond the October 2016 Mirai IoT botnet, which exploited weak or default passwords on affected IP cameras and internet routers, and took down major web sites across the USA, including Twitter, Netflix and the New York Times.
Reaper’s potential for major distributed denial of service (DDoS) attacks that rapidly take down online services is enormous, and makes last year’s Mirai IoT botnet look like child’s play.
“Reaper is a landmark evolution for hacked smart devices,” said Lipman. “Unlike Mirai, it doesn’t rely on exploiting devices with simple default credentials, rather it exploits numerous vulnerabilities in different IoT devices. It uses sophisticated techniques to hack routers and various smart devices. The industry must wake up and address this issue. Taking down web sites may seem relatively innocuous, but Reaper has the potential to cause massive amounts of damage including crashing important online services. How long before we see organisations held to ransom or critical national infrastructure brought to a halt? These are very real and plausible scenarios, yet those responsible for security seem to have gone to sleep.”
UK-based BullGuard protects consumers’ smart homes with Dojo, a consumer cyber-security product built from the ground up as an enterprise-class network security service, and delivered in a way that is easy to use. Dojo uses multi-layered cyber-security protection including automatic device discovery and categorisation, a smart firewall, a smart intrusion prevention and detection system, a secure web proxy and network behaviour anomaly detection.
The scale of poor IoT device security was recently revealed by an analysis of BullGuard’s IoT scanner, a tool that scans home networks searching for vulnerabilities. Approximately 310,000 users accessed the scanner to scan their network for vulnerabilities. The scan analysis revealed that 4.5 per cent, or nearly 14,000 devices, could be easily hacked. Extrapolating these results means 378 million devices are potentially vulnerable to hacking now, growing to more than 900 million potentially susceptible devices by 2020.
“The widespread adoption of IoT has brought with it tremendous convenience, but consumers are starting to have high expectations about the responsibility device manufacturers should bear to ensure their connected gadgets are secure from cyber attacks,” said Lipman. “Robust multi-layered protection needs to be adopted at a wider level in society if we don’t want to see globally coordinated IoT cyber attacks that could be potentially calamitous.”