Your router won’t protect you when smartphones attack smart homes – Computerworld
If you watched the season premiere of Mr. Robot, then you saw the hellish havoc fsociety visited upon the smart home of E Corp’s general counsel. She had no control over the internet-connected alarm system, lights, thermostat, stereo, TV or even the temperature of water during a shower.
Most folks don’t have an entire smart home, yet they may have some smart devices. If you had maybe a half-dozen or more Internet of Things (IoT) gadgets and they all started going off, and you couldn’t regain control, you’d likely realize your “smart” house was being hacked, but maybe not understand how.
While we’ve heard endlessly about the lack of good security being built into IoT devices, researchers wanted to show “real, not hypothetical” attacks which would prove that home routers and firewalls do not protect “smart” devices from internet attacks. The research paper “Smartphones attacking smart homes” was presented at the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2016).
First, the researchers explained why some people believe a router keeps IoT devices “safe” from outside attackers. From outside your home network, an attacker can’t see your smart lightbulbs, webcams, motion detectors, power switches, photo frames, etc. But even if an external attacker knew you had them and wanted to hack your Philips Hue lightbulb or Belkin WeMo power switch, the packets sent would go to the home gateway; the gateway would not know which of the IoT devices, each with its own private IP address, should receive the packets, so the unsolicited traffic would be dropped.
The researchers said the “‘firewall’ feature, a side-effect of network address translation (NAT) between the public and private IP addresses, protects IoT devices in the home from direct internet attacks.”
But before you go feeling too secure, the researchers warned, “NAT/firewall protection is somewhat illusory, and can be easily penetrated by malware on users’ smartphones.” In fact, they called the over-reliance on home routers to protect smart devices “dangerous.”
For starters, researchers Vijay Sivaraman, Dominic Chan and Dylan Earl from the University of New South Wales and Roksana Boreli from National ICT Australia chose to get their maliciously tainted app into Apple’s AppStore, since getting malware into a Google Play Android app is too easy. They took a legitimate app from the AppStore, tweaked it to include malware, and then got their proof-of-concept iOS app approved even though Apple has a more stringent approval process than Google.
The tainted app discovers IoT devices on a person’s home network, although the average user would have no clue this was happening; this reconnaissance could not have been done from outside the home network. It would give an attacker the IoT “landscape” inside the home, so he or she could decide how best to attack a victim.
The app uses Universal Plug-n-Play (UPnP) to modify firewall settings, reconfigure routers, and open ports to IoT devices so an external attacker could access those devices. In case you didn’t know, most home routers support automatic port-mapping via UPnP by default for things like P2P sharing and video calling. But that feature is also a flaw, as it is what makes the researchers’ “attack vector a serious security threat for IoT devices.” The smart devices are then exposed to the Internet so an outside attacker can take control of the smart home.
Once a hacker is done, then “the malware can restore firewall configuration to remove trace of the attack, or keep it open for future attacks.”
They used their iOS app, which they did take down after testing on the project team’s homes, “to discover several IoT devices in multiple homes,” and “to surreptitiously modify firewall configuration on home gateways from multiple vendors.”
Then they demonstrated “how an attacker can compromise multiple IoT devices (including a Belkin WeMo power switch and a D-Link IP camera) previously thought secure behind NAT/firewall.”
Don’t think those are the only vulnerable devices; the researchers added that there is a wide range of IoT devices which could be exploited after the smartphone app infiltrates a smart home.
Sure, there are some security extensions to the UPnP protocol, but the researchers seriously doubt home router manufacturers will implement them; non-techie users would freak out if they had to manually configure access before running P2P apps or game servers, or making video calls.
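Because the port mappings described above live in the gateway's UPnP table, a household can audit that table. The following is an added example, not code from the article or the research paper: it parses UPnP IGD `GetGenericPortMappingEntry` responses and flags enabled mappings that point at IoT devices or at hosts nobody expected. The sample responses, addresses and allowlist are constructed.

```python
import xml.etree.ElementTree as ET

FIELDS = {"NewExternalPort", "NewProtocol", "NewInternalPort",
          "NewInternalClient", "NewEnabled", "NewLeaseDuration"}

def parse_mapping(soap_xml):
    """Extract one port-mapping entry from a GetGenericPortMappingEntry response."""
    entry = {}
    for el in ET.fromstring(soap_xml).iter():
        tag = el.tag.split("}")[-1]              # drop the XML namespace, if any
        if tag in FIELDS:
            entry[tag] = (el.text or "").strip()
    return entry

def audit(entries, allowed_clients, iot_hosts):
    """Return (severity, entry) for enabled mappings the household did not expect."""
    findings = []
    for e in entries:
        if e.get("NewEnabled") != "1":
            continue                             # disabled mappings forward nothing
        client = e.get("NewInternalClient", "")
        if client in iot_hosts:
            findings.append(("HIGH", e))         # IoT device exposed to the internet
        elif client not in allowed_clients:
            findings.append(("REVIEW", e))       # mapping for a host nobody vouched for
    return findings

# Constructed sample responses; addresses, ports and leases are made up.
_T = ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
      '<u:GetGenericPortMappingEntryResponse'
      ' xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
      '<NewExternalPort>{}</NewExternalPort><NewProtocol>TCP</NewProtocol>'
      '<NewInternalPort>{}</NewInternalPort><NewInternalClient>{}</NewInternalClient>'
      '<NewEnabled>1</NewEnabled><NewLeaseDuration>{}</NewLeaseDuration>'
      '</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>')
SAMPLE = [_T.format(*row) for row in [
    (3074, 3074, "192.168.1.20", 3600),   # expected: game console
    (8080, 80, "192.168.1.50", 0),        # IP camera, lease 0 = static mapping
    (50000, 50000, "192.168.1.77", 3600), # host not on the allowlist
]]

def run_sample():
    entries = [parse_mapping(x) for x in SAMPLE]
    return audit(entries, allowed_clients={"192.168.1.20"},
                 iot_hosts={"192.168.1.50"})

if __name__ == "__main__":
    for severity, e in run_sample():
        print(severity, e["NewExternalPort"], "->", e["NewInternalClient"], e["NewInternalPort"])
```

Since the researchers note the malware can restore the firewall configuration afterwards, a single clean audit proves little; comparing snapshots taken over time is more informative.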
If a hacker were able to release a malware-laden smartphone app that could circumvent a home router’s firewall protection into a “trusted” app store (clearly it can be done, since the researchers did so), then the researchers warned:
An attacker can use such malware to build a database of household IoT devices, while also creating port-mappings on the home routers in readiness for a future attack. An attacker can thus launch a large-scale attack against these households at a time of their choosing, or worse yet, offer this as a service to other malicious entities. In some ways this parallels the large-scale DDoS attacks prevalent today (such as the DD4BC extortion scheme) that abuse the SSDP, DNS, and NTP protocols to amplify attacks on victims, with significant economic costs.
If you keep up with IoT hacking news, then none of this will shock you, but it is an important reminder of how easily anyone with “smart” devices could be hacked and lose control just like the large-scale smart home attack portrayed on Mr. Robot.