When you connect to the Internet, the Internet connects to you
Perhaps it seems clear from the title, but such a statement entails consequences that require our attention. Everyone understands the concept of the Internet and the opportunities provided by the interconnection of systems throughout the planet, ‘a new world within your reach’. However, little attention is paid to the fact that this connection goes both ways, and the ramifications this entails. In this article we explore the different problems that arise from being online.
When we connect something to this huge network in order to obtain certain functionalities or services remotely, we must be aware of the ramifications and the elements that may be visible from the outside.
When a device is connected to the Internet by means of a router, it is completely exposed to the network.
Not everything that happens online is the result of human activity, as a lot of it is produced by robots (bots). If we were to analyse everything that goes through the router to give us access to the Internet, we would see that much of it comes from these bots. When a new device connects to the router to access the Internet, the bots will attempt to connect to the device as well.
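To make the previous paragraph concrete, the following added example (not part of the original article) summarises unsolicited inbound connection attempts from a router firewall log. The log lines are constructed in the key=value style of Linux netfilter LOG output; the interface name wan0, the watched ports (telnet, which Mirai scanned for, plus the default RTSP and VNC ports) and the three-port threshold are assumptions of the example.

```python
import re
from collections import defaultdict

# Constructed sample of a router firewall log (key=value fields in the style
# of Linux netfilter LOG output). Addresses are documentation ranges.
SAMPLE_LOG = """\
Jan 10 03:12:01 gw kernel: IN=wan0 OUT= SRC=203.0.113.5 DST=198.51.100.7 PROTO=TCP SPT=41234 DPT=23 SYN
Jan 10 03:12:02 gw kernel: IN=wan0 OUT= SRC=203.0.113.5 DST=198.51.100.7 PROTO=TCP SPT=41235 DPT=23 SYN
Jan 10 03:14:40 gw kernel: IN=wan0 OUT= SRC=203.0.113.9 DST=198.51.100.7 PROTO=TCP SPT=50100 DPT=22 SYN
Jan 10 03:14:40 gw kernel: IN=wan0 OUT= SRC=203.0.113.9 DST=198.51.100.7 PROTO=TCP SPT=50101 DPT=80 SYN
Jan 10 03:14:41 gw kernel: IN=wan0 OUT= SRC=203.0.113.9 DST=198.51.100.7 PROTO=TCP SPT=50102 DPT=554 SYN
Jan 10 03:14:41 gw kernel: IN=wan0 OUT= SRC=203.0.113.9 DST=198.51.100.7 PROTO=TCP SPT=50103 DPT=5900 SYN
Jan 10 03:20:15 gw kernel: IN=wan0 OUT= SRC=192.0.2.44 DST=198.51.100.7 PROTO=TCP SPT=33000 DPT=443 SYN
Jan 10 03:20:16 gw kernel: IN=wan0 OUT= SRC=192.0.2.44 DST=198.51.100.7 PROTO=UDP SPT=33001 DPT=53
Jan 10 03:21:00 gw kernel: IN=lan0 OUT=wan0 SRC=192.168.1.20 DST=192.0.2.80 PROTO=TCP SPT=50000 DPT=443 SYN
"""

WAN_IF = "wan0"  # assumed name of the Internet-facing interface
# Assumed watch list: default ports for telnet, RTSP (IP cameras) and VNC.
WATCHED = {23: "telnet", 554: "rtsp (IP camera)", 5900: "vnc"}
FIELD = re.compile(r"(\w+)=(\S*)")

def parse_line(line):
    """Return (src, dport) for an inbound TCP SYN on the WAN side, else None."""
    f = dict(FIELD.findall(line))
    if f.get("IN") != WAN_IF or f.get("PROTO") != "TCP" or "SYN" not in line.split():
        return None
    if "SRC" not in f or not f.get("DPT", "").isdigit():
        return None
    return f["SRC"], int(f["DPT"])

def summarize(log_text, port_threshold=3):
    """Group unsolicited inbound attempts by source address, busiest first."""
    ports, hits = defaultdict(set), defaultdict(int)
    for src, dport in filter(None, map(parse_line, log_text.splitlines())):
        ports[src].add(dport)
        hits[src] += 1
    report = [{
        "src": src,
        "attempts": hits[src],
        "ports": sorted(p),
        "watched": sorted(WATCHED[x] for x in p if x in WATCHED),
        "multi_port_probe": len(p) >= port_threshold,
    } for src, p in ports.items()]
    return sorted(report, key=lambda r: (-r["attempts"], r["src"]))

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

Outbound LAN traffic and non-TCP packets are ignored, so every row in the report is something that reached the router without being asked for.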
Some of these bots are harmless, such as the ones in search engines like Google, which index the Internet so that websites appear in our searches. However, some other malicious bots have a darker purpose, as they try to gain access to systems to compromise and control them.
Once the system is compromised, the attackers behind this bot are able to use it for endless purposes.
Some examples would be using the compromised system to mine cryptocurrencies, as a reverse proxy (a computer used to launch attacks so that the attacker's own computer cannot be traced back), or even as part of an army of zombie computers (for massive denial of service attacks).
One such case of a network of zombie computers (or botnet) was that of ‘Mirai’. For those unfamiliar with the story, it launched one of the most massive attacks to date, which significantly affected most of the main websites or left them without access to the Internet. This network took advantage of the lack of security measures in Internet of Things (IoT) devices to control them, as they were unprotected and online.
Any device that is connected to the Internet, regardless of how simple it is, is exposed to this type of risk. Among the most commonly compromised devices are IP cameras. There are so many unprotected cameras that there are even websites that allow us to connect to them and see what they are recording, like www.insecam.org.
Among the well-intended bots, there are some that try to find vulnerable devices (like the bots mentioned earlier), but do not intend to exploit them illegitimately.
For instance, the camera website we just introduced only connects to the cameras. The goal of this type of page is to raise awareness about the issues resulting from the lack of security when a device is accessible from the Internet.
Another such website is https://worldofvnc.net, which is based on VNC, a remote access system similar to the remote Windows desktop connection functionality. This site tries to access unprotected devices and then takes a screenshot of the ones it successfully accesses.
The goal once again is to raise awareness about the risks of being exposed online, but this time focusing on systems that use VNC instead of the cameras of the previous case.
These are not the only tools used to this end, as there is also the so-called ‘Google of hackers’, known as Shodan (www.shodan.io). Shodan analyses different IPs to check which ports and services are open and accessible from the Internet. This search engine allows us to determine what we are exposing to the Internet in order to properly manage its security.
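Shodan answers the exposure question from the outside; the same question can be asked from the device itself. The following added example (not part of the original article) parses listening-socket output in the column layout of `ss -tlnH` and lists every TCP service that is not bound to loopback only. The sample output is constructed and the watched ports are assumptions of the example; whether a listed service is actually reachable from the Internet still depends on the router and firewall in front of the device.

```python
import ipaddress

# Constructed sample in the column layout of `ss -tlnH` (listening TCP sockets).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
LISTEN 0 5 [::]:5900 [::]:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 *:554 *:*
LISTEN 0 128 [::1]:6010 [::]:*
LISTEN 0 128 192.168.1.20:8080 0.0.0.0:*
"""

# Assumed watch list: default ports for telnet, RTSP (IP cameras) and VNC.
WATCHED = {23: "telnet", 554: "rtsp (IP camera)", 5900: "vnc"}

def reachable_scope(addr):
    """Classify a bind address as 'loopback', 'all-interfaces' or 'specific'."""
    host = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface suffix
    if host == "*":
        return "all-interfaces"
    ip = ipaddress.ip_address(host)
    if ip.is_loopback:
        return "loopback"
    return "all-interfaces" if ip.is_unspecified else "specific"

def exposed_listeners(ss_output):
    """Return sorted (port, scope, watched_service) for non-loopback listeners."""
    found = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        addr, _, port = cols[3].rpartition(":")
        scope = reachable_scope(addr)
        if scope != "loopback":
            found.append((int(port), scope, WATCHED.get(int(port), "")))
    return sorted(found)

if __name__ == "__main__":
    for port, scope, service in exposed_listeners(SAMPLE_SS):
        print(port, scope, service or "-")
```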
When we see some of the results, we realise how worrisome some of the findings are. There are computers, cameras, industrial control systems, refrigerators, etc.
The growing trend of integrating Internet access into more and more devices that so far had no such functionality has made them appear as vulnerable in the previously mentioned search engine. It seems that IoT security is not a priority for manufacturers, and oftentimes not for device owners either.
Moreover, the famous Google engine can also be used to detect vulnerable elements since, as we have previously indicated, it indexes the Internet for our searches.
This technique is known as ‘Google hacking’, and it takes advantage of some specific searches that reveal the lack of protection in some element exposed online.
There are databases with different expressions that can be used in this search engine to find vulnerable elements. This way, it is possible to find specific elements that may be vulnerable when using the indexing capacity of search engines.
These search catalogues can be modified to filter the results, making it possible to target specific organisations. If the tools introduced here can detect vulnerabilities in devices accessible from the Internet, malicious bots can as well. When a device is found to be vulnerable by any of these tools, it is necessary to apply the corresponding security measures to prevent it from being compromised (if it has not happened already).
If our vulnerable devices are in the European Union or contain data of EU citizens, the consequences can be even greater. On top of the risk of one of our devices being compromised, it may also result in sanctions for not complying with the New General Data Protection Regulation (GDPR).
In addition to the Internet of Things, other types of devices that bots usually find to be vulnerable are different Cloud components and machines. It is common and relatively easy to have these Cloud components and machines in order to provide services online without requiring an infrastructure of our own, especially in the case of small components.
The problem is that many owners or users of these cloud computing services do not worry about the security of their machines and the data exposed online.
Service suppliers provide some protection to prevent the machines from being controlled by unauthorised agents, but part of the protection depends on users, so these measures alone are not sufficient.
In this context, information is often leaked from these cloud components. Some such cases have appeared in the news, like the leak of top secret information from the US army in November 2017, which resulted from the improper configuration of an Amazon cloud server. This means that cloud elements or devices have to be correctly protected in order to prevent these bots from compromising them and obtaining sensitive information.
Any element accessible from the Internet is exposed to a series of risks that should not be underestimated. It is essential to be aware of the fact that, if we connect something to the Internet, the Internet also connects to this item, and with it, the bots that patrol the network.
It does not matter if it is a temporary situation or if we do not think it is an important element: security should always be in our minds so long as we are connected to the Internet. For our peace of mind, any element that can be accessed online should be monitored in order to be sure that everything that connects to us will not bring about unpleasant surprises.