CCS2024

Staving off the IoT Armageddon

Gene Tsudik

Cited by 1

Abstract

IoT devices are increasingly popular and ubiquitous in numerous everyday settings. These specialized gadgets sense and actuate the environment using a wide range of analog peripherals. They are usually deployed in large numbers and often perform safety- and/or mission-critical tasks, in both military and civilian domains. It is no surprise that they represent attractive targets for various attacks. Adversaries range from nation-states to groups (motivated by politics, competition, or greed), to individual malcontents. Their goals vary based on targeted functionality: compromised sensors can exfiltrate sensitive information, while compromised actuators can affect the environment, i.e., physical safety and security. The well-known Stuxnet (2010) is an example of the latter, while numerous hacks into IoT cams exemplify the former. The infamous Mirai botnet (2017) is yet another "preview of coming attractions": it successfully zombified a huge number of consumer-grade cameras to form a global botnet later used to mount massive Distributed Denial-of-Service (DDoS) attacks.
Sadly, recent history shows that few, if any, lessons were learned as a result of these attacks. Although not quite malware-relevant, the recent CrowdStrike fiasco underscores the problem. IoT devices are still commonly compromised via both known attack types and zero-day exploits. Realistically speaking, the worst is yet to come. Unfortunately, the current security research limelight is on (both real and imagined) dangers of AI and Machine Learning algorithms, their unfairness, etc. There is thus a real risk of missing the real and present danger posed by the rampant (in)security of the IoT ecosystem.

What makes the situation so dire? There are several reasons: First, most IoT-focused attacks and exploits are not physical in nature, meaning that they do not require the adversary to be present at or near victim devices. Because devices are increasingly interconnected and/or connected to the global Internet, they can be reached and attacked remotely. This yields many benefits to the adversary, such as much greater scale of attacks and relative impunity. Remote attacks occur because, similar to general-purpose computers, most IoT devices are programmable and/or configurable, meaning that they contain software/firmware that is fundamentally malleable in order to support legitimate updates and customizable functionality.