Are persistent bots permanently rooted in your smart home?

IoT botnets have been known for quite a while, but they gained household infamy after Mirai grabbed the headlines back in 2016. The tremendous attack against DNS service Dyn is believed to have originated from nearly 100,000 infected devices. Since then, the security research community has kept an eye on any developments in IoT botnets, analyzing the dynamics of device infestation, how devices inadvertently “change” owners and what vulnerabilities are being exploited to hijack them.

Persistent malware is a game changer inside the smart home

Today, several IoT botnets are fighting each other to amass armies of devices to launch devastating DDoS attacks against various targets. The competition is fierce, as one major drawback of IoT malware is its lack of persistence. A bot infection can only be exploited for as long as the malware’s code is loaded in memory, which means that a device reboot or power loss is enough to clean the device up. This makes botnet growth a Sisyphean task: while operators harvest new devices, others escape slavery through power loss or reboots.

Now botnet operators seem to have taken their creations a step further, as new persistent bots are being discovered. In May 2018, Bitdefender identified Hide and Seek, the first IoT botnet with device persistence, closely followed by Cisco’s discovery of VPNFilter – a piece of malware with more advanced survival capabilities. And this changes everything.

According to Bitdefender’s real-time telemetry, routers are the most-targeted devices in the IoT space, with half of all consumer routers suffering from at least one important security vulnerability. In addition to routers, NAS devices and network-attached printers are affected by vulnerabilities that allow a third party to illicitly take control of the device. And, given the recent developments in persistence, it is only a matter of time until hackers gain a permanent foothold inside the smart home.

Prevention is key

In most cases, infected “things” show few signs of compromise, and early advice to IoT owners was limited to rebooting or power-cycling the device from time to time for some rudimentary “cleanup”. But now, more than ever, prevention is key.

The most important action a smart home owner can take is to ensure their devices are clear of known vulnerabilities and misconfigurations. This is very difficult to do manually -- unless you are a professional who reads vulnerability disclosure sites every day, chances are you’ll never learn about any vulnerabilities that affect your connected devices at home.

This is why automated vulnerability assessment technologies running on security hubs for the smart home are now a must-have. They help you stay in the know whenever one of your devices (router included) has security issues or is poorly secured, and they help you take corrective action. If a newer firmware version is available for the affected device, install it. If it isn’t, ask your vendor to provide one. And, ultimately, if the vendor refuses to help, you at least know it’s time to get a device from a vendor that takes security seriously.

Fully fledged security solutions for IoT devices such as the Bitdefender BOX have arrived on the market in the past few years, and have quickly become the recommended way to secure smart things. The Bitdefender BOX, for instance, features several security layers that complement the Vulnerability Assessment feature to make sure your smart stronghold does not get compromised. The high-performance hardware doesn’t just move your packets across the network – it also allows for anomaly detection, traffic filtering and visibility into the vulnerable devices on your premises.

But even if you don’t have a Bitdefender BOX security hub at home, there is an additional way to check your home devices for vulnerabilities for free. All it takes is a Windows PC and the free Home Scanner application that lets you sweep your devices — particularly your router — for vulnerabilities you don’t know about.