The Internet of Things will host devastating, unstoppable botnets

Mirimir mirimir at riseup.net
Thu Apr 13 03:18:10 PDT 2017


On 04/12/2017 06:35 PM, Razer wrote:
> Bwahahahahahaaahackcoughgasp-wheeeeeze!

| Abstract: Within the next few years, billions of IoT devices
| will densely populate our cities. In this paper we describe a
| new type of threat in which adjacent IoT devices will infect
| each other with a worm that will spread explosively over large
| areas in a kind of nuclear chain reaction, provided that the
| density of compatible IoT devices exceeds a certain critical
| mass. In particular, we developed and verified such an
| infection using the popular Philips Hue smart lamps as a
| platform. The worm spreads by jumping directly from one lamp
| to its neighbors, using only their built-in ZigBee wireless
| connectivity and their physical proximity. The attack can
| start by plugging in a single infected bulb anywhere in the
| city, and then catastrophically spread everywhere within
| minutes, enabling the attacker to turn all the city lights
| on or off, permanently brick them, or exploit them in a
| massive DDOS attack. To demonstrate the risks involved, we
| use results from percolation theory to estimate the critical
| mass of installed devices for a typical city such as Paris
| whose area is about 105 square kilometers: The chain reaction
| will fizzle if there are fewer than about 15,000 randomly
| located smart lights in the whole city, but will spread
| everywhere when the number exceeds this critical mass
| (which had almost certainly been surpassed already).

https://eprint.iacr.org/2016/1047

>> Bruce Schneier takes to the pages of Technology Review to remind us
>> all that while botnets have been around for a long time, the Internet
>> of Things is supercharging them, thanks to insecurity by design.
>>
>> Botnets are useful for denial of service attacks, but they're also an
>> indispensable part of the spam ecosystem, clickfraud, extortion, and
>> other bad news.
>>
>> Cheap IoT gadgets are manufactured by absentee proprietors and large,
>> respected companies who ignore urgent warnings about their defects (or
>> punish people who complain by remote-bricking their gadgets), leading
>> to nightmarish breaches.
>>
>> Worse, IoT manufacturers use antiquated DRM laws to threaten security
>> researchers who reveal the defects in their products with brutal
>> lawsuits and even jail-time (and this will be a risk for any device
>> controlled by a browser).
>>
>>> ..... Once you know a botnet exists, you can attack its
>>> command-and-control system. When botnets were rare, this tactic was
>>> effective. As they get more common, this piecemeal defense will
>>> become less so. You can also secure yourself against the effects of
>>> botnets. For example, several companies sell defenses against
>>> denial-of-service attacks. Their effectiveness varies, depending on
>>> the severity of the attack and the type of service.
>>>
>>>     But overall, the trends favor the attacker. Expect more attacks
>>> like the one against Dyn in the coming year. 
>>
>>
>> Botnets of Things [Bruce Schneier/MIT Technology Review] 
> 
> 
> Clickthru boingx2 (some other links on-page):
> http://boingboing.net/2017/04/12/forever-day-bugs-2.html
> 
> 
> 


More information about the cypherpunks mailing list