Secure Use Of IoT Devices Questioned Due To Bundled CoAP Protocol
The growth of IoT (Internet-of-Things) in both the enterprise and at homes brought enormous convenience to users. However, the convenience and “magic” it provides to homes and officers are not the whole story. The reality of the situation is that cybercriminal organizations are scanning the Internet right now looking for vulnerable devices to target. They love IoT devices, due to its infancy; it is an easier target for them to use as a launchpad for spamming, launching DDoS attacks and making them part of their botnet.
Not all IoT users are familiar with the existence of CoAP (Constrained Application Protocol), t is an IoT technology built-in with most IoT devices. CoAP exists to work around the limitations of the IoT hardware, especially the limited processing power and memory they contain. It enables UDP+TCP implementation in a small package with a unique feature: no authentication. This no authentication “feature” is the key for cybercriminals to take over the device without a lot of hard work from their end.
“The growth of IoT devices using protocols such as CoAP represent a new, fast-emerging attack surface that we expect will play a major role in DDoS attacks going forward. Like other favourite weapon types, CoAP is inherently susceptible to IP address spoofing and packet amplification, the two major factors that enable the amplification of a DDoS attack,” explained A10 Networks’ Rich Groves, Director of Research and Development.
Tagged by A10 Networks as “DDoS” weapons, they have detected that the most number of such devices in a botnet-like structure originated from China (6,179,850) and the United States (2,646,616). Followed by Spain, Russia, South Korea, Italy, and India.
“Having an up-to-date inventory of the millions of DDoS weapons is an important part of any DDoS defence strategy. By creating comprehensive blacklists of suspected IP addresses, policies can be created to block those weapons in an attack. To that end, A10 Networks and our partner DDoS threat researchers analyse forensic data, tap networks, track bot-herder activities, and scan the internet for weapon signatures,” added Groves.
Publishing to the Internet with default settings is like using IoT devices with its vulnerabilities exposed to the public. Instead of entrusting security measures to the user, it is necessary to forcibly change the admin password at the time of setting the device for the first time, those that can be maintained via the network are forced to apply a patch, no exemptions. The patches are issued by device manufacturers to fix the vulnerabilities in the device.
Even if we take measures only for parts that are particularly affected, much of the serious trouble will be improved. It is necessary to focus on dealing with threats that are particularly high risk based on the environment, type, and use case of IoT. Depending on the environment and industry in which we use IoT equipment, we may have to consider Safety as a top priority. Medical equipment that gives priority to human life and control equipment for electric power, oil, and gas, etc., where the impact of accidents is enormous. It is effective and effective to design security according to the environment and characteristics of the equipment to be used. These aspects are “not optional”, but rather a necessity in order to safely use IoT in offices and at homes.
Kevin Jones951 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.