Beacons have gained a great deal of popularity lately as the go to devices for location-based or proximity marketing. Beacons are part of the Internet of Things used to connect mobile users to relevant information nearby. Although hackers have exploited IoT connected devices in recent DDoS attacks, Beacons have remained un-compromised. Beacons are controlled through secure management platforms which provide a layer of protection which common appliances are lacking. Companies like Aristotle Labs, and their product BeaconSage, continue to provide management for Beacons which are unaffected by the malicious software used in the recent DDoS attacks on Dyn.
If you are still interested in learning more about how the DDoS attacks were orchestrated using the physical web, read on below-
The scope of some hackers' aspirations has shifted. What began many years ago as pranks swiftly turned into attacks as hackers began to realize the potential of what they were doing. Corporate attacks to influence business started to emerge as a real threat to organizations. Counter hackers became Information Security Specialists and a black hat, white hat society has evolved. The information war has waged in the background, evolving with the internet ever since.
Some mechanics say that they can fix an old car but it takes a degree to figure out why a new car won't start. As technology evolves so does the potential for complex problems. The more working parts a thing has, the more likely it is to have a weak point somewhere. It is the same with the internet we depend on. As the internet grows into the physical web or IoT (Internet of Things), the number of "moving parts" has grown exponentially. Smart devices from refrigerators to washing machines have expanded the reach of the internet into the physical world but are now seen by some as the weak link in the internet's framework. Hackers have begun exploiting the security weaknesses in these devices with powerful results.
Recently, DDoS (distributed denial of service) attacks have become more prevalent and the scale of attacks has grown from single sites or corporations to massive attacks on the internet itself. A new DDoS program called Mirai exploits IoT devices using them as bots to direct massive amounts of data at targeted locations.
Mirai's power was first demonstrated in September of 2016 when it was used in a DDoS aimed at the website of industry expert Brian Krebs. At its peak, the attack aimed 620 gigabits of data a second at the site. It was one of the biggest attacks the internet had ever seen. Mr. Krebs had been investigating DDoS attacks and the hackers responded. After the attack, the malware was released publicly for anyone to use to build their own botnet.
On 21 October 2016, the malware was in action once again used by an unknown controller who directed an attack at Dyn, a major DNS service and crucial part of the internet infrastructure. The malware caused interruptions in major networks including Twitter, Reddit, Spotify, Amazon Web Services and the Playstation Network.
Jeff Jarmoc, head of security for global business service Salesforce, pointed out that internet infrastructure is supposed to be more robust.
"In a relatively short time we've taken a system built to resist destruction by nuclear weapons and made it vulnerable to toasters," he tweeted.
Is the Internet of Things Safe?
Fortunately for most of us the recent attacks have been more of a nuisance than a real problem. The potential is there but, so far so good. The Mirai malware wasn't used by hackers trying to uncover information like financial records or social security numbers. Most physical web devices like refrigerators and coffee pots used in the attacks don't have that kind of information. This wasn't a data breach, it was an attack using IoT devices. The malware exploits simple manufacturer installed passwords on common devices (mostly household appliances) to turn them into bots in its DDoS army. These common passwords are used by manufacturers to update appliances. Most devices don't even show any sign that they have been compromised and continue to work normally. But, tens of millions of these devices pinging a single location can cripple almost any server, that is how a DDoS attack works using the physical web.
Devices that are information sensitive have better security than the devices exploited by Mirai. This includes things like smartphones and tablets. Beacons have been unaffected as well.
Proximity marketing uses beacons to transmit notifications to nearby Bluetooth connected devices such as coupons sent to a customer's phone in a department store. They are customizable transmitters whose use has exploded over the past 2 years. Understandably, many beacon users like retail stores and entertainment venues were concerned when they heard that the Marai malware exploits IoT devices. Beacons aren't directly accessible by the malware though. Beacons are configured using a separate management platform such as BeaconSage to control what they transmit. Once a URL is set on a Beacon by the managing software, the Beacon can be taken entirely out of WiFi range and continue to operate. Most Beacon management applications like BeaconSage are protected by user set passwords. Not the same as the common passwords used on simple appliances.
What Lies Ahead
The use of internet-connected home devices to transmit DDoS attacks is a relatively new phenomenon, but may become more common. Companies like Google Project Shield are stepping up to combat the problem. Manufacturers will also have to rethink the use of common passwords on even the simplest of devices if they are connected to the internet. Until then, keep your passwords updated and don't get mad the next time the Playstation Network goes down. It's not their fault, it's your coffeemaker.