December 9

Be a Hero: Without Breaking a Sweat

With the holiday season in full swing all of us who have a job that is remotely IT related become the extended family’s tech support person. It really doesn’t matter how much technical knowledge you really have. What does matter is that you know better, at least I hope you do. All of us, that is you dear reader, will have the opportunity to help keep our loved ones safe online and help to incrementally weaken the power of some of the criminal bot-nets that have been plaguing the web recently.

Let’s Clear Some Things Up

To begin with I want to make sure it is clearly understood that the Internet of Things (IoT), is not just made up of internet connected lights and toasters. Things (aka: systems) that connect to the internet are what make up the “internet of things”. This encompasses a surprisingly large number of various devices, for example: home internet routers, internet connected cameras, home automation systems, and countless other items. The list is growing daily and these devices often come with vulnerabilities installed and no simple or automatic method to update them. Hence, there are millions of these little devices connected to the web with hundreds of thousands more coming online every day.

A large portion of the most powerful networks of zombie computers (systems that do the bidding of a criminal’s command server) are heavily reliant upon IoT devices to power their attacks. This means that every toaster, camera, and especially routers, are a serious threat in almost every home, even your grandmother’s. Start at your own house, take stock of every item in your house that has an IP address.

Start with the Router

A substantial portion of the homes in the United States have high speed internet piped directly to a wireless router/modem. These devices are given to the customer, usually at a high cost, by the Internet service provider’s (ISP). The devices are almost without fail the cheapest and least secure (by default) devices they could buy. Log into the router’s configuration or admin page (just Google for device specific directions) then before you do anything else change the admin password.

After the admin password has been changed from the default, check the firmware to see there are any updates available. If so, install these updates immediately and reboot the router. Now using that admin console most routers will allow you to see a list of devices that are connected to that access point. This is a good way to take stock and see what other devices may be communicating out to the internet. Anything that is connected should be checked make sure the default admin passwords are changed and firmware is up to date.

Grandma’s House

Now, as you head out to spend time with your extended family over the holidays give them the gift of security. When you are inevitably pecking at your phone cause everyone is watching something you couldn’t care less about, check out their router. See what devices they have on their networks. In the case of a non-technical relative, despite the general consensus that this is bad, write the passwords down for them. Tell them to keep them somewhere they can find it. Then, next year when you go back you will already know the admin passwords and updating their firmware will take even less time.

Everyone Can Help

While every little bit helps and each of us should do what we can, the more that are involved the bigger the impact. So, tell your techie friend about this idea, they don’t have to read my blog, just tell them to fix their family’s stuff. If all of us, meaning anyone who knows about technology, would do that it could have a serious impact on some of the criminal’s ability to carry out such high impact attacks against infrastructure that holds the Internet (upon which most of us rely) together.

Regardless of whether you plan to stay in this December or fly across the country to see relatives take ten minutes to steal some of your own devices back from the bad guys. You can even do this from your phone’s web browser while you are binge-watching whatever show you plan to watch during your break. Enjoy the holidays, no matter how you spend them, but let’s also spread some holiday security.



Copyright © 2014. John R. Nye, All rights reserved.

Posted December 9, 2016 by john.r.nye@gmail.com in category "Bellevue CYBR650

About the Author

Professional penetration tester with nearly a decade of experience in IT security. For more details look me up on LinkedIn.

Leave a Reply

Your email address will not be published. Required fields are marked *