In a recent article on Dark Reading, it was revealed that millions of IoT devices were exposed to a peer-to-peer (P2P) vulnerability. Given how widespread IoT devices are, and how device adoption will continue in organizations, it is important to understand the nature of these devices and how organizations can prevent these vulnerabilities from becoming backdoors into the corporate network. Specifically, let’s take a look at how businesses can protect themselves from P2P and IoT vulnerabilities.

Peer-to-Peer

What is P2P?

Nearly everyone reading this already knows the answer, but for those of you who don’t—or are unwilling to ask—let me break it down for you. P2P (yes, that’s a link to Wikipedia; you didn’t think I would just copy and paste it here, did you?) has been around for decades, and was made popular by Napster in 1999. This type of traffic is often marked as unwanted or illegal because of its connection with BitTorrent et al. with regard to downloading pirated software, music, games, etc. However, the technology is also deployed in many legal ways that improve network performance by reducing bandwidth consumption. One such example is Windows Updates in Windows 10 when Delivery Optimization is enabled. Instead of every user on the network downloading updates independently, network-connected machines can retrieve already downloaded updates from peers on the network. It’s a great technology that can significantly reduce download time and network congestion, but, unfortunately, it is now being used by hackers to take over IoT devices and gain access to the broader network.

So, we know that P2P is a feature included in many devices, like IoT cameras, that lets users access them without special, manual configuration. These devices have unique IDs that let the users connect to them from nearly any device, but what can organizations do to protect themselves from attacks?

Protecting your network from IoT devices

In the case of iLnkP2P, there doesn’t seem to be much recourse other than completely disconnecting the devices from the network (which isn’t really helpful given that these are supposed to be internet-connected cameras).

For all IoT devices, it is critical that you monitor the traffic taking place between the devices and the rest of the network. Specifically, understanding the baseline traffic pattern for these devices is paramount. All IoT devices have one thing in common: they are all purpose-built to deliver on a narrow set of tasks—be that a camera, a smoke detector, or a microwave. Because of this commonality, IT professionals can easily detect when network devices stray from the path and start communicating with devices on the network that they wouldn’t normally communicate with.

In some cases, this type of communication is more difficult to baseline, as is the case with iLnkP2P-connected devices. Because they rely on P2P, it can be difficult to understand normal communication from external devices, but internal communication should be a concern when these devices are communicating with devices that have no part in the devices’ functions (e.g., control servers or DVR systems for internal cameras).
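As an added example (not from the original article and not how Scrutinizer works), the following Python shows one way to baseline a device's internal peers from flow records and flag flows that leave that baseline, while skipping external P2P peers that churn too much to baseline this way. The flow tuple layout, all addresses and ports, and the choice of 10.0.0.0/8 as the internal range are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: the organization's internal address space.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed flow records: (src_ip, dst_ip, dst_port). All values are invented.
CAMERA = "10.20.0.15"
BASELINE_FLOWS = [
    (CAMERA, "10.20.0.5", 554),       # camera -> internal DVR
    (CAMERA, "10.20.0.1", 53),        # camera -> internal DNS resolver
    (CAMERA, "203.0.113.40", 40000),  # camera -> external P2P peer
]
NEW_FLOWS = [
    (CAMERA, "10.20.0.5", 554),       # matches the baseline
    (CAMERA, "198.51.100.7", 40000),  # new external peer, expected with P2P
    (CAMERA, "10.30.1.20", 445),      # internal host the camera never contacted
    (CAMERA, "10.20.0.5", 22),        # known peer, but a service never used before
]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def learn_baseline(flows):
    """Map each device to the set of internal (peer, port) pairs it used."""
    baseline = defaultdict(set)
    for src, dst, port in flows:
        if is_internal(dst):
            baseline[src].add((dst, port))
    return baseline

def find_deviations(baseline, flows):
    """Return internal flows whose peer or port is absent from the baseline."""
    alerts = []
    for src, dst, port in flows:
        if not is_internal(dst):
            continue  # external P2P peers are not baselined here
        known = baseline.get(src, set())
        if (dst, port) in known:
            continue
        reason = "new port" if dst in {peer for peer, _ in known} else "new peer"
        alerts.append((src, dst, port, reason))
    return alerts

if __name__ == "__main__":
    for alert in find_deviations(learn_baseline(BASELINE_FLOWS), NEW_FLOWS):
        print(alert)
```

A device with no learned baseline has every internal flow reported as a new peer, so the learning window needs to cover the device's normal duty cycle before alerts are acted on.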

If you want to understand how your IoT devices are communicating on the network, download a 30-day trial of Scrutinizer today. It will show you how these devices are interacting on your network and alert you when they start going off the path.

Justin

Justin Jett is Director of Audit and Compliance at Plixer with roles ranging from system administration of web services to technical product marketing for Plixer’s incident response system, Scrutinizer. Jett, a graduate of the University of Maine at Farmington, is an avid learner of all things security, with a particular interest in TLS and DNS attacks.
