The Internet of things is not only household appliances, but also “smart” enterprises.
A coffee machine can be a secret agent of a hacking group. There is a possibility that it is making coffee for you and at the same time participating in DDoS-attack as a private soldier of an army of hacked household appliances. It might be that in a couple of minutes you’ll take your cup of coffee, sit in front of your laptop to read the newsfeed on Facebook, and will find out that Facebook doesn’t work. It doesn’t work because your own coffee maker, united with hacked coffee makers and microwaves of other owners, “attacked” it.
Such options are not fantastic any more. One has only to recall about several strong DDoS-attacks, which happened lately. The first one, on September, 20th, crashed the site of a British expert on cybersecurity – journalist Brian Krebs. That moment was the strongest attack throughout history: the traffic volume exceeded 620 Gbps. However, in several days an even stronger attack (about 1 Tbps) occurred at the site of French hosting provider OVH. On the same days hackers in fact switched off the Internet along the whole East Coast of the US.
The main participants of all those DDoS-attacks were hundreds of thousands of devices of the Internet of things: toasters, printers, routers, surveillance videocameras, connected to the Internet. They sent servers millions of requests, which they couldn’t cope with, in the end.
DDoS-attack is similar to an unexpected activation of all your communication channels: imagine that at the same time all your phones are ringing, someone is calling you in skype, your doorbell is ringing, a child is calling you from a next-door room, and your wife – from the bathroom, signals of incoming messages are everywhere. You’re trying to answer everyone, but end up falling on the sofa and covering your head with a pillow.
DDoS-attacks are already being used with the purpose of money extortion from broker companies, whose business depends a lot on web-services.
But are the possibilities of hacked devices of the Internet of things only limited by DDoS-attacks? We have mentioned that web-cameras participated in a botnet, attacking Kreb’s website. But these cameras do the surveillance, for example, control areas of the city. According to the technology expert of the “Kaspersky Lab”, PhD at the MEPhI Institute of Cyber Intelligence Systems Denis Makrushin, the cracker, who gained the access to the camera, can just switch off video-recording any time and replace video stream, which comes from the video camera to the owner’s servers.
In his recent research, conducted as a part of the international initiative Securing Smart Cities, Denis Makrushin with his colleague has found out that, hacking speed cameras on the roads, violators can switch off records of vehicles in certain or all lanes of their route, and follow cars of law bodies.
In addition, by hacking such cameras, an attacker gets access to the database of stolen cars and can add or remove the necessary car from it.
Before hiding from the pursuit, they usually rob the bank. And then the devices from the Internet of things rush to rescue again. This time it is another element of the road infrastructure – routers, which transmit information between various elements of the "smart" city or data centers. For example, if a bank carries large amounts of money through a secret path, then, having access to the routers, you can find out the route of the column.
“You can use vulnerable things to perform tasks that require a long time of a device or its processing power,” says Konstantin Kogos, deputy head of the Cyber Security Department of the MEPhI Institute of Cyber Intelligence Systems. “For example, you can use an IoT-device with a virus (IoT – “Internet of Things”) to search passwords for other services on the Internet, scan networks for any resources, interesting for an attacker. In other words, the IoT-device, from the cybercriminal's point of view, differs a little from the usual host on the Internet.”
Finally, a network of toasters and coffee makers can be used for data exchange. Of course, these will be very small data packets, but unlike e-mail or Facebook correspondence, nobody will be able to follow them and the content of these conversations will remain in the strictest secrecy. It is not hard to guess who might need it.
There is a reasonable question: if there are cyber threats, then, probably, there is an antivirus. According to experts, “at the moment, every IoT device manufacturer is striving to invent its own ecosystem (software, network protocols, etc.) for the functioning of its products. Given the lack of any standards for the operation of IoT, this fact complicates development of a “single antivirus”, and each manufacturer is forced to solve security problems independently”.
According to the research “The Russian market of IoT and the analysis of technological IoT platforms for promising markets”, published by the analytical agency J'son & Partners Consulting in 2016, Russia generally falls behind in the field of the Internet of things. The share of connected IoT devices in Russia is now 0.3% of the total number of such devices in the world. At the same time, Russia's share in the global economy is estimated at 1.3 to 1.8%.
But do not rush to rejoice that no one can encroach on our coffee makers and toasters. Internet of things is not only home appliances, it's also "smart" enterprises. For example, a farm management platform that integrates a system of agricultural machinery, an irrigation system, a meteorological system, and a seed preparation system. This system significantly improves performance. And the growth of labor productivity leads to economic growth. Therefore, if we do not want to be among the laggards, we will have to live in the world of the Internet of things and learn how to cope with its dangers.
