Interpol has warned that all IoT devices that are connected to the Internet are at risk of cyber attacks and that the threat from hackers has increased significantly in the past two years.
Interpol has called for a multi-stakeholder approach which will allow law enforcement authorities to collaborate with the private sector to detect and investigate cyber attacks on IoT devices.
Interpol has warned users of IoT devices across the world that their devices, ranging from smart wearables, refrigerators, webcams, smart TVs or other home appliances, are at risk of cyber attacks at all times and that their devices could be misused by cyber criminals for malicious means.
The agency took the example of the Mirai botnet which infected “tens of thousands of devices, mostly Internet routers, with weak password security” in 2016 and then used the affected devices in coordinated distributed denial of service (DDoS) attacks against websites worldwide.
Interpol added that while police forces across the world are now developing the skills necessary to forensically examine computers and mobile phones, they are often not clear on how to collect evidence from IoT devices. “Cybercrime investigations are becoming more and more complex and operational exercises such as the Digital Security Challenge, which simulate some of the hurdles that investigators face every day, are vital for the development of our capacities,” said Peter Goldgruber, Secretary General of the Austrian Ministry of the Interior.
Noboru Nakatani, Executive Director of the INTERPOL Global Complex for Innovation, said: “The ever-changing world of cybercrime is constantly presenting new challenges for law enforcement, but we cannot successfully counter them by working in isolation. A multi-stakeholder approach which engages the expertise of the private sector is essential for anticipating new threats and ensuring police have access to the technology and knowledge necessary to detect and investigate cyber attacks.”
To hone their skills in conducting forensic analysis of IoT devices, Interpol conducts Digital Security Challenge contests every year, bringing together cybercrime investigators and digital forensics experts from across the world. This year’s challenge involved investigators identify the source of a malware that was injected into a bank’s systems through a compromised webcam.
The agency expects that future Digital Security Challenge contests will prepare investigators and analysts to prepare to tackle cyber crimes in the future and to identify emerging threats and vectors.
“Attacks on IoT devices such as internet connect fridges, TV’s, smart home devices etc. are down to flaws in the software running on them, and attacks will continue to happen until those flaws are dealt with. Good practices by vendors around configuration and authentication need to be initiated or matured to prevent this in future,” says Adam Brown, manager, security solutions at Synopsys.
“I would love to see certification for IoT devices become commonplace so that consumers can know that the devices are cyber safe, much in the same way that if you buy a toy with a CE mark you know it has been through a process of assessment and it won’t, for example, poison anyone because it has lead in its paint. A certified IoT device will be less likely to lend itself to a hacker to steal from you, use you as a place to attack others from, or use your electricity to mine cryptocurrencies for themselves,” he adds.