Few people know that the largest DDoS attack in history (as of 2016), which targeted the KrebsOnSecurity website, originated from IoT devices infected with malicious code. This shows that research into solutions for securing IoT systems is essential. In this article, Tedev will discuss how attackers infiltrate IoT systems.
With the significant development of IoT, more and more connected devices are in everyday use: smart homes, wearable health monitors, automatic irrigation systems, smart cities, and so on. It can be said that IoT is everywhere. However, although IoT devices make our lives easier and more comfortable, they lack basic security, which makes them vulnerable to various forms of cyberattack. The goal of hackers when exploiting IoT devices is to gain unauthorized access to users' devices and data. A hacker can use compromised IoT devices to build a botnet, which in turn can be used to launch a DDoS attack.
Your data, location, email accounts, financial information and photos are all on your smart device or IoT device, which for hackers is a real treasure trove. As life and technology develop, the trade in IoT devices and the number of devices in use keep increasing. The number of IoT devices is expected to reach 75 billion by 2025. Due to the lack of security policies, smart devices become easy targets for hackers. Compromised devices can be used to track user activities, misuse sensitive information (such as patient health records), install ransomware to block access to devices, monitor victims' activities through CCTV cameras, commit credit card fraud, gain access to private homes, or join a botnet army that carries out DDoS attacks.
The following are the different stages in hacking IoT devices:
- Collect information
- Scan for security vulnerabilities
- Launch attacks
- Get remote access
- Maintain access
The first and most important step in attacking an IoT device is to extract information such as its IP address, the protocols used (Zigbee, BLE, 5G, 6LoWPAN, etc.), open ports, device type, the geographical location of the device, the manufacturing number, and the company that manufactured the device. In this step, the attacker also identifies the hardware design, the infrastructure, and the key components embedded in the target device that is present online. Attackers use tools such as Shodan, Censys, and Thingful to perform information gathering, or reconnaissance, on target devices. Devices that are not reachable over the network but are within communication range can also be detected using traffic analysis tools such as Foren6, Suphacap, CloudShark and Wireshark.
Next, once attackers have collected information about a target device, they look for the parts of its attack surface that they can attack by identifying vulnerabilities. Vulnerability scanning allows attackers to find the vulnerabilities present in the firmware, infrastructure, and system components of an accessible IoT device. Once the attack surface is identified, the attacker scans it for vulnerabilities to identify attack vectors and perform deeper exploitation of the device.
After discovering security holes, hackers exploit them using techniques such as DDoS, rolling-code attacks, signal jamming, Sybil attacks, and MiTM.
After successful exploitation, hackers remotely infiltrate the device without being detected by security controls such as firewalls, IPS/IDS, and antivirus. Remote access to the device then serves as a stepping stone for attacking other devices in the victim's system.
Hackers will maintain access by deleting logs to avoid detection, updating device firmware, and installing backdoors to open ports for easy remote access.
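From the defender's side, the three persistence behaviours named above (deleted logs, changed firmware, newly opened ports) can each be checked by comparing a device against a known-good baseline. The following is an added example, not code from the original article; the `Snapshot` fields, the approved-firmware list, and the assumption that device logs carry an increasing sequence number forwarded to a collector are all hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Snapshot:
    """One inventory reading of a device (assumed fields, not a real product schema)."""
    open_ports: frozenset   # listening TCP ports seen by the defender's own scan
    firmware: str           # firmware version string reported by the device
    log_seqs: tuple         # syslog sequence numbers received by the collector

def persistence_findings(baseline, current, approved_firmware):
    """Compare two snapshots and return (indicator, detail) tuples."""
    findings = []
    # Backdoor indicator: a port is listening that was not in the baseline.
    new_ports = sorted(current.open_ports - baseline.open_ports)
    if new_ports:
        findings.append(("new_listening_port", new_ports))
    # Firmware indicator: version changed to something outside the approved list.
    if current.firmware != baseline.firmware and current.firmware not in approved_firmware:
        findings.append(("unapproved_firmware", current.firmware))
    # Log indicator: sequence numbers must continue from the baseline without
    # jumps (entries missing) or resets (log wiped and counter restarted).
    expected = baseline.log_seqs[-1] + 1 if baseline.log_seqs else None
    breaks = []
    for seq in current.log_seqs:
        if expected is not None and seq != expected:
            breaks.append((expected, seq))
        expected = seq + 1
    if breaks:
        findings.append(("log_sequence_break", breaks))
    if not current.log_seqs:
        findings.append(("no_logs_received", None))
    return findings

# Constructed sample data for one camera; no real device is described.
BASELINE = Snapshot(frozenset({80, 554}), "1.4.2", (101, 102, 103))
CURRENT = Snapshot(frozenset({80, 554, 2323}), "1.4.2-mod", (104, 105, 1, 2))
APPROVED = {"1.4.2", "1.5.0"}

if __name__ == "__main__":
    for indicator, detail in persistence_findings(BASELINE, CURRENT, APPROVED):
        print(indicator, detail)
```

Each `log_sequence_break` entry pairs the sequence number that was expected with the one actually received, so a reset to a low number is distinguishable from a forward jump.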