Internet of Things is a term we are all hearing – but very few people know what it means, or know what the dangerous impacts it brings with it regarding security.
Something major happened in 2017. Internet of Things (IoT) devices were exploited by cybercriminals and turned into a rogue and malevolent army. A series of distributed denial of service (DDoS) attacks affected websites connected to the cloud-based internet performance management company Dyn, including Amazon, Twitter, Reddit, Spotify and PayPal. It’s was possibly a watershed moment.
Here are 10 things you need to know about IoT.
1. Wait, what’s IoT?
Definitions vary, but the ‘Internet of Things’ refers to ‘smart devices’ like refrigerators that will tell us when we’re out of milk. But also, many smaller less outlandishly smart objects, such thermostats, coffee machines and cars. These gadgets are embedded with electronics, software, sensors and network connectivity so that they can connect to the internet.
2. So, what’s the problem?
Anything that connects to the internet, even if it doesn’t contain your medical records, poses a risk. The October 2017 attacks were made possible by the large number of unsecured internet-connected digital devices, such as home routers and surveillance cameras.
The attackers infected thousands of them with malicious code to form a botnet. Now, this is not a sophisticated means of attack, but there is strength in numbers. They can be used to swamp targeted servers, especially if they march in all at once.
3. How did the attacks actually happen?
Remember that bit in the instruction manual where it told you to change the default password? Well, if you didn’t, then chances are your IoT device could spring to life as a cyber zombie. The DDoS-attackers know the default passwords for many IoT devices and used them to get in. It’s a bit like leaving your house keys under a flowerpot for anyone to find.
Anyone putting an IoT router, camera, TV or even refrigerator online without first changing the default password is enabling attacks of this type. ESET research suggests at least 15% of home routers are unsecured – that’s an estimated 105 million potentially rogue routers.
4. Wait, do I need IoT devices?
Some people dismiss IoT devices as gimmicky; others believe that in a few years we’ll all have smart cupboards that tell us what we can have for dinner. But there are numerous discernible benefits, such as the sensors in smartphones and smartwatches that provide real information about our health. Or the “blackbox” telematics in cars which can prove how safe or unsafe our driving is and thus help with insurance claims.
5. So, this is a new problem?
Nope. The possibility for exploitation of this kind has been common knowledge since, well, the dawn of IoTs. But, we didn’t realize quite how vulnerable we were until last year’s attack. Malicious code infecting routers is nothing new, as this ESET research clearly demonstrates.
The advice to change the default passwords on these devices is not new and has been reiterated many times. Yet you can lead a horse to water, but there’s no making them drink. Years ago WeLiveSecurity reported on the existence of 73,000 security cameras with default passwords.
6. How far does it go back?
The IoT actually goes way back as far as the 1980s. But in a slightly Back to the Future iteration. Researchers at Carnegie Mellon University first came up with an internet-connected Coke vending machine in 1982.
7. Surely, internet giants have the power to stop this?
Sure, they do. But that doesn’t mean some of them haven’t left gaping holes available for malicious exploitation. At the Black Hat security conference last year, security research students from University of Central Florida demonstrated how they could compromise Google’s Nest thermostat within 15 seconds.
Daniel Buentello, one of the team members, was quoted as saying in 2014: “This is a computer that the user can’t put an antivirus on. Worse yet, there’s a secret backdoor that a bad person could use and stay there forever. It’s a literal fly on the wall.”
8. What can I personally do to stop this?
Look at IoT devices like any other computer. Immediately change the default password and check regularly for security patches, and always use the HTTPS interface when possible. When you’re not using the device, turn it off. If the device has other connection protocols that are not in use, disable them.
These things might sound simple, but you’d be alarmed by how easy it is to opt for convenience over good sense. Only half of respondents to this ESET survey indicated that they’d changed their router passwords.
9. What can companies do to stop this?
You might think, ‘What’s the point? If an attacker can breach Amazon, then what hope does my firm have?’ Well, don’t give up hope. Organizations can defend against DDoS attacks in a range of ways including boosting the infrastructure of their networks and ensuring complete visibility of the traffic entering or exiting their networks. This can help detect DDoS attacks, while ensuring they’ve sufficient DDoS mitigation capacity and capabilities. Finally, have in place a DDoS defense plan, which is kept updated and is rehearsed on a regular basis.
Think of it like a fire drill for your network. Also, watch out for Telnet servers. These are the dinosaurs of the digital universe and as such should be extinct, because they’re so easily exploited. Never connect one to a public-facing device.
10. But … and this is a big but …
The tech might have been around for a while but these kinds of attacks are brand new. As such there are no agreed best practice protection methods for stopping an IoT from turning against you.
At least, not ones that the experts can agree on. Some believe you should apply a firewall in your home or business and to regulate control of them to authorized users. However, another method would be to apply a certification approach: allowing only users with the right security certificate to control the devices and automatically barring any unauthorized profiles. If in doubt, unplug it.
Huawei Mate 20 Pro matches camera benchmark record
A benchmark by DxOMark sees the triple-cam handset tie with the P20 Pro for best smartphone camera on the market.
The Huawei Mate 20 Pro has come out top in a camera benchmark test that assesses all aspects of smartphone camera performance.
DxOMark, which conducts rigorous hardware testing and is trusted as an industry standard for image quality measurements, has just released the results of its in-depth analysis of the Huawei Mate 20 Pro smartphone camera.
The Huawei Mate 20 Pro is the Chinese manufacturer’s latest top-end device. Building on the P20 Pro’s camera technology, the Mate 20 Pro comes with a Leica-branded triple-camera setup, but swaps its stable-mate’s monochrome camera for a super-wide-angle module, offering a 35mm-equivalent focal length range from 16 to 80mm—the widest of all current smartphone cameras.
The handset is in direct competition with the Apple iPhone XS Max, the Google Pixel 3 XL, the Samsung Galaxy Note 9, among other. How does it fare?
“With a total photo score of 114, the Huawei Mate 20 Pro ties the record-setting score of its cousin, the P20 Pro,” says DxOMark. “The overall Photo score is calculated from sub-scores in tests that examine different aspects of its performance under different lighting conditions.”
The Huawei Mate 20 Pro achieves a photo score of 114 points. In stills mode, the Mate 20 Pro’s triple camera captures images with good target exposure and a wide dynamic range, recording both good highlight and shadow detail even in difficult high-contrast situations. Noise levels are well under control down to low light levels, and the camera’s white balance system and colour rendering settings produce a pleasant colour response in almost all circumstances.
At 97 points, the Mate 20 Pro is very close to the best for video as well, thanks to a fast and smooth autofocus system with good tracking performance, accurate white balance as well as pleasant colour rendering, and low levels of noise, especially in bright shooting conditions. Our testers also liked the exposure system’s ability to adapt quickly and smoothly to changes in illumination.
It was not all good news. DxOMark also had some criticism for the device.
Click here to read about the drawbacks of the Mate 20 Pro camera, and other positives.
SA car wins
The final stage of Dakar 2019 drew to a close at the bivouac in Pisco, Peru, and saw Toyota Gazoo Racing South Africa’s Nasser Al Attiyah and Mathieu Baumel bring home their South African-built Toyota Hilux for
The Qatari driver ensured his French navigator, who turned 43 years old on Thursday, 17 January, received a great birthday present, when the pair arrived at the final time control of Dakar 2019 with teammates Giniel de Villiers and Dirk von Zitzewitz in close formation. The two Toyota Hilux crews completed the entire stage together, as De Villiers / Von Zitzewitz waited nearly 55 minutes for the leaders to start the stage, in order to shadow them to the finish.
The emotions bubbled over for Team Principal Glyn Hall, who found himself without words as his two crews drove into the media area after the time control. “This victory was long overdue,” he finally managed, before being swamped in a sea of well-wishers.
The winning driver, however, was much more vocal: “We are so happy to win the Dakar – not only for ourselves, but also for Toyota and the entire Toyota Gazoo Racing SA team. Everyone has worked so hard for so long, and really deserve this. Thank you for letting us drive this car.”
Toyota Gazoo Racing SA led Dakar 2019 from the first to the last stage, with Al Attiyah/Baumel drawing first blood, before handing the mantle to De Villiers / Von Zitzewitz during stage 2. But then a disastrous Stage 3 saw the Qatari retake the lead – a lead he didn’t relinquish despite some of the toughest stages yet seen on any South-American Dakar.
“When we first heard that the rally was going to take place only in one country, we were skeptical,” said Hall after regaining composure. “But the organisers made sure that this year’s race will long be remembered as one of the toughest tests in the last decade.”
Al Attiyah / Baumel’s victory at Dakar 2019 means that Toyota Gazoo Racing has now won both of the world’s toughest automotive races – the 24 Hours of Le Mans, and the DakarRally.
Click here to read Glyn Hall’s comment on winning the Dakar Rally, as well as the rankings.