Reaping the benefits of security flaws in the IoT

Security has always been a tough nut to crack when it comes to the Internet of Things.  Having things fully secured yet always connected to other devices is like trying to balance an egg on your head whilst in a heavy downpour.  From large-scale attacks like the Mirai Botnet attack last year to smaller breaches across various systems, it’s clear that there’s a widespread issue with securing these networks and devices appropriately.  Today’s biggest problem though is a new botnet called Reaper.

What is Reaper?

In a way, it’s the same as Mirai was.  It’s malware that attacks and infects different IoT devices through their network and lies dormant… at least for now.  Once activated though, it can be used to DDoS damn near any website or service its creator wants.

The purpose of Reaper as of right now is a mystery.  What we do know is that it’s infected quite a few IoT devices already and is growing and ‘evolving’ faster than Mirai was able to.  The worst part of Reaper is that, thanks to its dormant state, knowing your device is infected is difficult.  It won’t run any differently and will seem perfectly fine.

What will happen if/when it’s activated?

To put it simply, your device will be under their control.  It’s not as scary as it sounds though.  A large collection of devices like the one Reaper is building is generally only used for one thing — DDoS attacks.  By using thousands or even millions of devices at once to constantly send information requests to a server, they can effectively shut it down.

If used like Mirai was, it can cause serious, widespread issues with all sorts of different services.  In Mirai’s case, it was able to affect Spotify, Twitter, and even Amazon.

How can Reaper be stopped?

Well, the biggest problem with Reaper is that it’s not just infecting devices through a single issue, but through at least nine security vulnerabilities.  Constant updates through security patches are the best and only way to counteract it at this time and even that will take time, giving Reaper more time to grow and infect.

On the positive side, Reaper isn’t aiming to infect every single device it can get its hands on.  According to research released last week, it’s less aggressive than Mirai was.  Reaper focuses on remaining under the radar of security tools.

Looking forward is just as important as quelling this current attack, though.  Right now, devices are vulnerable and yet still they’re taken to market much too quickly.  Investing a little money in proper security for our networks could help to save thousands in patches and possibly even legal fees.

Reaper is definitely dangerous, but it’s just the latest in what could be a long line of copycats.

What happens if technology doesn’t keep up with the IoT?

The Internet of Things (IoT) is a very broad term.  I guess that’s to be expected when one of the terms used in the name is as generic as “stuff”, but there’s a good reason for that.  The IoT is more of an idea than an actual technology — the idea of connecting multiple devices through the use of sensors and the Cloud.  As an idea that’s currently being tested all around the globe in many different industries, one must wonder how successful it really is with our current level of technology.  If I were to give it a build, I’d call it Internet of Things Alpha right now.

Why are we in the “Alpha” phase still?

Alpha is used to describe the earliest workable build.  It’s definitely not ready for release and has a lot of testing and improvements still to be made.  Now, before you go thinking this is the Internet of Things’ fault, it isn’t.  Believe it or not, our tech just isn’t keeping up well with everything the IoT can be.

The best example of this is a recent trend — the little smartbox listening systems like the Echo.  Last year, a colleague of mine bought one with every expectation that this little device would save a few minutes each day by checking bus times, setting calendar reminders, and even doing the odd “googling” when she needed it.  At first, it worked pretty well!  It did the tasks she needed and she was satisfied.  Today, she’s selling it.

When I asked why, as I’d thought it was working great for her, she said she just never really used it except to check bus times.  The reason she gave was that she had to keep asking the same thing to get a result.  It rarely understood her.  The fault here lies not with the IoT but with the technology around the Echo.  Even though the device had the capability to do what the user wanted, it just couldn’t understand.

What’s working in the IoT, then?

Simple is better.  Currently the biggest successes within IoT-enabled systems are the less complex devices.  These include things like baby monitors, thermostats, locks, and various production-assisting systems in companies.  They work well because they’re building on technology we’ve been using for decades rather than on technology we’re still developing and improving upon.

Don’t get me wrong, newer tech can definitely still be useful, but when it comes to the IoT, there’s a lot left to be developed and going too far too fast might just come back to bite a smaller company in the end.

The truth of the matter is that the IoT is already proven.  It’s a system that works and has many benefits in the years to come, but we need to focus equally on developing our other technology along with the IoT.  All the sensors in the world won’t help if your device thinks you’re saying “sandwich” rather than “search for”.