The Hidden Threats due to Growth of IoT

It is no mystery why the internet of things (IoT) is growing as quickly as it is. Integrating the internet into our practical, offline lives fits our increasingly electronic way of living. While you may think that a universal controller or Amazon’s “Alexa” Echo Plus Voice Controller is something you would want in your home, to light your automatic fireplace or to dim the lights, keep in mind that the more IoT services and devices we use, the greater the threat to the DNS from larger IoT botnets, the adverse effects of IoT software updates and the continued development of online bad guys and their bot-herding software.

Security researchers from ICANN, the Internet Corporation for Assigned Names and Numbers, and IBM’s X-Force, its bad-to-the-bone threat identification team, have recently unveiled reports showing the interplay between DNS and IoT, including warnings about the dangers that IoT botnets, networks of malware-infected devices controlled without the knowledge of their owners, pose to the availability of DNS systems, says Network World.

“A significant number of IoT devices will likely be IP enabled and will use the DNS to locate the remote services they require to perform their functions. As a result, the DNS will continue to play the same crucial role for the IoT that it has for [other] traditional applications that enable human users to interact with services and content”, says a report from ICANN’s Security and Stability Advisory Committee (SSAC).

What this means is that as more IoT devices come into the fray, more and more of them will use the same DNS servers that are used for just about everything we do online. ICANN goes on to say that the “role of the DNS might become even more crucial from a security and stability perspective with IoT devices interacting with people’s physical environment”, which makes sense: with more advancements in IoT, having your automated fridge hacked could be as common as having your email hacked.

The Burdens of IoT

A newly emerging risk is that the IoT could place new burdens on the DNS. ICANN gave this example: “a software update for a popular IP-enabled IoT device that causes the device to use the DNS more frequently (e.g., regularly lookup random domain names to check for network availability) could stress the DNS in individual networks when millions of devices automatically install the update at the same time”.

This programming error, repeated across individual devices, could amount to a single massive distributed denial-of-service (DDoS) attack from the perspective of the DNS infrastructure operators. Such incidents have already occurred on smaller scales, but they could become more common and more significant as the IoT grows and manufacturers equip devices with controllers that use the DNS, according to ICANN.

Clouds Under Threat

Cloud-connected IoT devices could put cloud resources in danger. Charles DeBeck, senior cyber threat intelligence strategic analyst with IBM’s X-Force, reported that “IoT devices connected to cloud architecture could allow Mirai [an IoT botnet created to disrupt and attack IoT services and the DNS] adversaries to gain access to cloud servers”.

“They could infect a server with additional malware dropped by Mirai or expose all IoT devices connected to the server to further compromise”, a scary thought, especially if the cloud targeted is that of an important and large organization, such as a bank. DeBeck says such a disruption “could be catastrophic”.

New Developments in Malware

“Since this activity is highly automated, there remains a strong possibility of large-scale infection of IoT devices in the future”, says DeBeck. He goes on to say that ‘threat actors’ or ‘internet bad guys’ continue to find new targets, which include new types of IoT devices, and may begin looking at IoT devices linked to industries to increase their profits.

A group called Shaolin, DeBeck says, has been targeting consumer-brand routers from Netgear and D-Link. Another malware family, Gafgyt, represents “27 per cent of all observed instances of IoT targeting so far in 2019”.

Other challenges facing DNS systems could be less malicious and come down to simple unfriendly programming: code written without the specifications of DNS systems in mind, which could cause unintentional DDoS attacks or create massive traffic blocks.

Five Ways to Improve IoT-DNS Security

ICANN made five key recommendations to improve IoT-DNS security:

1. Creating a DNS library for IoT devices that makes DNS security functions available for user-control through an application.

2. Training for IoT and DNS professionals, to help them better understand how to work together and to help IoT device manufacturers understand how to use the DNS more effectively.

3. Creating a system that lets DNS operators automatically and continually share information on IoT botnets.

4. Creating systems that let DNS operators share DDoS-handling capacity so they can deal with very large IoT-powered DDoS attacks better.

5. Creating a system that lets DNS operators measure how the IoT uses DNS to better understand the risks the IoT poses for the DNS.
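The behaviour in ICANN's update example (devices regularly looking up random names) and the measurement called for in recommendation 5 can be illustrated with a small resolver-log profiler. This is an added example, not code from ICANN or from this article; the log format, thresholds and function names are assumptions, and the sample log lines are constructed.

```python
from collections import defaultdict

def build_sample_log():
    """Constructed sample. Assumed line format: <epoch> <client> <qname> <rcode>."""
    lines = []
    # 192.0.2.10: device polling random names as a connectivity check
    for i in range(40):
        lines.append(f"{1000 + i} 192.0.2.10 chk{i:04x}.example.net NXDOMAIN")
    # 192.0.2.20: device that keeps resolving its single cloud endpoint
    for i in range(6):
        lines.append(f"{1000 + i * 10} 192.0.2.20 api.vendor.example NOERROR")
    # 192.0.2.30: ordinary client with one mistyped name
    for i, name in enumerate(["a.example", "b.example", "typo.exmaple", "a.example"]):
        rcode = "NXDOMAIN" if "exmaple" in name else "NOERROR"
        lines.append(f"{1000 + i * 15} 192.0.2.30 {name} {rcode}")
    return lines

def profile_clients(lines, window=60):
    """Per-client metrics for a log slice covering `window` seconds."""
    stats = defaultdict(lambda: {"n": 0, "nx": 0, "names": set()})
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing the whole run
        _ts, client, qname, rcode = parts
        s = stats[client]
        s["n"] += 1
        s["nx"] += rcode == "NXDOMAIN"
        s["names"].add(qname.lower().rstrip("."))
    return {c: {"qpm": s["n"] * 60 / window,              # queries per minute
                "nx_ratio": s["nx"] / s["n"],             # share answered NXDOMAIN
                "unique_ratio": len(s["names"]) / s["n"]}  # share of distinct names
            for c, s in stats.items()}

def flag_random_lookup(profiles, min_qpm=20, min_nx=0.8, min_unique=0.8):
    """Clients that query often, almost never repeat a name, and mostly miss.

    Thresholds are illustrative assumptions; tune them against a baseline.
    """
    return sorted(c for c, p in profiles.items()
                  if p["qpm"] >= min_qpm
                  and p["nx_ratio"] >= min_nx
                  and p["unique_ratio"] >= min_unique)

if __name__ == "__main__":
    profiles = profile_clients(build_sample_log())
    for client in flag_random_lookup(profiles):
        print(client, profiles[client])
```

A sudden rise in the number of flagged clients sharing one device model is the network-level signature of the synchronized-update scenario.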

By Luis Monzon
