Nothing is safe on the Internet, including your home router. That may already have been hacked – but if the world becomes as connected as companies are hoping, that could be the least of your worries.
In its June 2014 issue, E&T magazine looked at how enterprise and carrier-class routers are having to defend themselves against hackers and other malevolent online agents (see link below). If baddies gain access to those, they can execute a number of attacks, such as denial of service (DoS) attacks, or snagging network traffic. This is a great way to read, say, Cleartext emails as they pass over a network.
There are different levels of router. Large routers forklift vast amounts of traffic as it passes over the Internet, but there are also millions of home routers, bought off the shelf, and often poorly configured, if at all.
People have already hacked these poorly-protected routers on a large scale. One ‘researcher’ claimed to have installed a mini botnet on 420,000 home routers, producing a 9Tb map of the Internet. Another compromised four and a half million home routers in Brazil alone, changing their DNS records to send them to malicious websites when they tried to visit legitimate ones. From there, they were persuaded to install software on their home machines. The result: an instant botnet.
This is all calamitous enough; but now, consider how this might affect the Internet of Things. It’s a much-lauded concept, in which billions of devices become connected to the Internet, all of them communicating information about themselves and their environment.
Cars will tell central servers when their components are about to fail, and they will be able to tell other cars miles behind them about road blockages, for example. Combined heat and power boilers will communicate with each others’ building management systems and trade energy between each other in dynamically-managed markets. Street lamps will communicate air pollution data in vastly meshed networks. Shipping containers will monitor their contents for environment changes and inform retail outlets further down the supply chain. This is the utopian vision.
But what about the dystopian one, in which poorly-configured devices are hacked, and made to communicate the wrong information, or fail altogether?
If the Internet of Things becomes as crucial to our existence as the likes of Cisco want them to be, that makes the whole thing a foundation for our critical national infrastructure. That makes it a primary attack target for those wishing to disrupt it, for financial or strategic gain.
The problem with many of the tiny Internet of Things sensors that are about to be deployed is that they aren’t easily patched. They operate independently in the field, and may have a long life span but often aren’t designed to be updated. Manufacturers do not have the incentive to and, even if they did, the technical challenge of updating a component in your car (or your Internet of Things-connected pacemaker) might prove daunting.
Deployment of the Internet of Things will soon be advancing, and it’s going to overshadow the router security problem by an order of magnitude. It’ll provide security companies with lots of fodder for finger-wagging reports – and nation states with a massive attack surface. And the scary likelihood is that until the first real cyberwar kicks off, we won’t even know that we’ve been hit.
Router vendors responding to growing attacks