University IoT-Enabled Vending Machine Brings Campus Network to a Crawl

Last month, an unnamed university was featured in a Verizon Data Breach Digest story on Internet of Things (IoT) devices, which described a botnet army throttling the campus network to the point of limited or no connectivity for its students. What made this particular attack interesting, however, was that the DNS name servers were generating high-volume alerts for seafood-related searches.

According to the article, the university in question handed over its DNS and firewall logs to Verizon’s RISK team for further analysis, which discovered that over 5,000 discrete systems, ranging from soda machines to lightbulbs, were making hundreds of DNS lookups every 15 minutes. According to a RISK team member, these devices “were supposed to be isolated from the rest of the network, it was clear that they were all configured to use DNS servers in a different subnet,” and the botnet “spread from device to device by brute forcing default and weak passwords.” On the advice of the RISK team, the university was able to halt the throttling by using a packet “sniffer” (software or hardware that can intercept information) to intercept a clear-text password of the infected IoT devices and use it to regain control of its property.

In essence, this story, while humorous to an outsider, establishes the credibility of an IoT network attack. In this particular instance, Internet-equipped lightbulbs, soda machines, vending machines and the like were used to render the campus network practically useless. To someone less tech-savvy, the solution would have been to replace these 5,000 units to make the problem go away. In more devious hands, an attacker could also have integrated the botnet on equipment that can track voice or video for further gain. That said, this attack and further attacks can be prevented by practicing solid IoT security fundamentals, such as creating separate network zones for IoT devices and changing the devices' default credentials where possible.
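One way to check DNS logs for the two symptoms described above, a burst of lookups per 15-minute window and IoT devices using resolvers outside their own zone. This is an added example, not code from the article or from Verizon's report; the log format, subnets, resolver address and threshold are assumptions, and the log lines are constructed.

```python
import ipaddress
from collections import Counter
from datetime import datetime, timedelta, timezone

# Assumed values for illustration; the article gives no addresses or thresholds.
IOT_ZONE = ipaddress.ip_network("10.20.0.0/16")           # hypothetical IoT zone
ALLOWED_RESOLVERS = {ipaddress.ip_address("10.20.0.53")}  # hypothetical zone resolver
WINDOW_SECONDS = 15 * 60                                  # 15-minute window, as in the article
MAX_LOOKUPS_PER_WINDOW = 100                              # assumed alert threshold


def build_sample_log():
    """Constructed log lines: '<ISO timestamp> <client> <resolver> <qname>'."""
    base = datetime(2017, 2, 1, 10, 0, tzinfo=timezone.utc)
    stamp = lambda i: (base + timedelta(seconds=5 * i)).isoformat()
    lines = [f"{stamp(i)} 10.20.1.15 10.1.0.53 shrimp{i}.example" for i in range(150)]
    lines += [f"{stamp(i)} 10.20.2.7 10.20.0.53 ntp.example" for i in range(3)]
    lines += [f"{stamp(i)} 10.20.3.3 10.1.0.53 update.example" for i in range(5)]
    lines += [f"{stamp(i)} 10.30.0.9 10.1.0.53 www.example" for i in range(160)]
    lines.append("truncated line")  # malformed record, must not stop the run
    return lines


def analyze(lines):
    """Return (noisy, misrouted): IoT clients over the rate threshold, and IoT
    clients that sent a query to a resolver outside the allowed set."""
    per_window = Counter()  # (client, window index) -> lookup count
    misrouted = set()
    for line in lines:
        try:
            ts, client, resolver, _qname = line.split()
            when = datetime.fromisoformat(ts)
            client = ipaddress.ip_address(client)
            resolver = ipaddress.ip_address(resolver)
        except ValueError:
            continue  # skip malformed records instead of aborting
        if client not in IOT_ZONE:
            continue  # only devices inside the IoT zone are in scope
        per_window[(client, int(when.timestamp()) // WINDOW_SECONDS)] += 1
        if resolver not in ALLOWED_RESOLVERS:
            misrouted.add(client)  # zone isolation is not holding for this device
    noisy = {c for (c, _), n in per_window.items() if n > MAX_LOOKUPS_PER_WINDOW}
    return sorted(map(str, noisy)), sorted(map(str, misrouted))


if __name__ == "__main__":
    noisy, misrouted = analyze(build_sample_log())
    print("over rate threshold:", noisy)
    print("using out-of-zone resolver:", misrouted)
```

A device that appears in the second list without appearing in the first is still worth fixing: it shows the intended network zone is not enforced, even if the device is not yet generating unusual traffic.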

 

References:

https://www.engadget.com/2017/02/17/when-vending-machines-attack/

http://www.networkworld.com/article/3168763/security/university-attacked-by-its-own-vending-machines-smart-light-bulbs-and-5-000-iot-devices.html

Verizon Data Breach Article

 

 
