FBI Outlines IoT Risks in New Article

August 03, 2018

The U.S. Federal Bureau of Investigation (FBI) has released an article outlining what it has identified as the risks associated with internet-connected devices, commonly referred to as the Internet of Things (IoT). In the article, the FBI warns that cyber threat actors can use unsecured IoT devices as proxies to anonymously pursue malicious cyber activities.

The article is here in its entirety, but the key element is that IoT devices need to be evaluated for risk that they will act as a vector for attack into a network.

The FB lists as examples of targeted IoT devices: routers, wireless radios links, time clocks, audio/video streaming devices, Raspberry Pis, IP cameras, DVRs, satellite antenna equipment, smart garage door openers, and network attached storage devices.

IoT proxy servers, the article states, are attractive to malicious cyber actors because they provide a layer of anonymity by transmitting all Internet requests through the victim device’s IP address. Devices in developed nations are particularly attractive targets because they allow access to many business websites that block traffic from suspicious or foreign IP addresses. Cyber actors use the compromised device’s IP address to engage in intrusion activities, making it difficult to filter regular traffic from malicious traffic.

The FBI says that these bad actors, or cyber actors, are using compromised IoT devices as proxies to:

Send spam e-mails
Obfuscate network traffic
Mask Internet browsing
Generate click-fraud activities
Buy, sell, and trade illegal images and goods
Sell or lease IoT botnets to other cyber actors for financial gain

Cyber actors typically compromise devices with weak authentication, unpatched firmware or other software vulnerabilities, or employ brute force attacks on devices with default usernames and passwords.

Some of the key indicators that an IoT network or device has been compromised include:

A major spike in monthly Internet usage
A larger than usual Internet bill
Devices become slow or inoperable
Unusual outgoing Domain Name Service queries and outgoing traffic
Home or business Internet connections running slow

Ken Briodagh is a writer and editor with more than a decade of experience under his belt. He is in love with technology and if he had his druthers would beta test everything from shoe phones to flying cars.

Edited by Ken Briodagh

Get stories like this delivered straight to your inbox. [Free eNews Subscription]