Cybersecurity researchers say smart devices are playing an increasing role in attacks against organizations. With many working remotely, unsecured smart devices offer an unprecedented vector for attack.
As the coronavirus pandemic spread this year, brilliant colored dots proliferated across an interactive map on a big screen in a University of Texas at San Antonio lab.
They were tracking infections of the cyber variety, which were spreading wildly too — in “smart devices” such as security cameras, thermostats, digital video recorders and baby monitors.
Attacks on objects, other than computers, that connect to the Internet more than doubled compared to the months before the pandemic emerged, according to research led by Elias Bou-Harb, associate director of the Cyber Center for Security and Analytics at UTSA’s business school.
Experts believe nine out of 10 smart devices send unencrypted information across the Internet. The swelling number of people working from home provides an ideal environment for hackers, who can jump from smart devices to machines that log into organizations’ networks, Bou-Harb said.
“The devices are being pushed to the market with little security in mind,” he said. “They’re vulnerable to basic attacks.”
Bou-Harb and a team of researchers have been analyzing network traffic worldwide. On any given day, they can see hundreds, if not thousands, of undetected hacks in smart devices in the United States alone.
Now UTSA’s Cyber Center is improving on its database with the goal of detecting smart device hacks in real time and notifying organizations or Internet service providers of vulnerabilities. That system could be operational by the end of the year, Bou-Harb said.
The researchers are also building infrastructure to narrow their findings to smaller geographic areas, such as San Antonio, Austin or Houston, for the public.
“I’m really looking forward to having our system where we can start making an impact on cybersecurity here in San Antonio, and in the United States and all over,” Bou-Harb said.
UTSA’s Cyber Center leverages data from the U.S. Department of Homeland Security and the University of California San Diego, which together built a “network telescope” that uses sensors to capture a large sample of malicious traffic — 100 gigabytes per hour. But UTSA’s center is unique in using the data to analyze attacks on smart devices, while most other cybersecurity experts use it to address computer hacks, Bou-Harb said.
Once the cybersecurity center had the network telescope data, researchers used it to map hacks using different colored dots, with red circles indicating the greatest volume of malicious activity. Morteza Safaei Pour, a doctoral student, has been working on the map for more than two years.
The goal is for average people to see and understand the data, said Nicole Beebe, the center’s director.
Some hacks on smart devices are sponsored by foreign governments that use botnets, or networks that run orchestrated malicious scripts, compromising thousands of devices daily, Bou-Harb said. A few such campaigns targeted smart devices in the medical sector, he said. Smart devices can also be infected in water, power and manufacturing facilities.
Attacks on medical devices more than doubled worldwide during the pandemic, Bou-Harb said. The researchers found exploited devices in at least 72 hospitals and clinics around the world, including at least six in the United States. In one case, a medical imaging device in an operating room was compromised, Bou-Harb said.
“That device could continue to function normally, but at any time, the operator could tell the device to malfunction,” he said.
Bou-Harb’s project has received a National Science Foundation grant to continue until 2022 and possibly longer. His team of a half-dozen researchers collaborates with a handful of others in Canada.
Through federal funding, they acquired servers to run a smaller amount of data at UTSA. In an innovative method, they taught machines to identify patterns in network traffic that flag compromised devices, Bou-Harb said. Then they can scan to get identifying information about the hacked devices and log their findings in a database.
When the system is complete, they will be able to notify consumers, organizations or service providers such as Comcast or Spectrum if smart devices on their networks have been hacked, Bou-Harb said.
The lab is working on ways to determine how devices were compromised and how to fix vulnerabilities remotely. But Bou-Harb also wants to teach the public about heightened risks that come with smart devices and about basic protection strategies, such as restarting the equipment and updating servers.
“We would like the non-technical society to be aware not to adopt these technical devices blindly,” he said. “Keep an eye on your devices.”