Like many Internet professionals, Kevin Epstein is his extended family's IT department—at least when he's not busy tracking over a billion bits of cyber threats a day as a vice president for cybersecurity firm Proofpoint. So he got the frantic call from a family member two months ago when email was bouncing from the family's financial counselor account. Usually Epstein's solution is a simple reboot but this was different, he says.
"Their router was currently fine," says Epstein. "But at some point in the past it had been compromised and used to send malicious email." As a result the router was sending out spam which other Internet providers, like the one used by the financial advisor, blocked.
The Sunnyvale, CA.-based Proofpoint, was the first to report on spamming by connected devices or those that make up the Internet of Things (IoTs), which is anything that connects to the Internet, and to each other, such as smart doorbells and smart blinds to name just a few. Proofpoint's report in 2014 highlighted IoT devices that had been converted into zombies, or thingbots, as the company christened them and have included routers, Linux based multi-media centers, televisions and one now-infamous refrigerator.
Other IoTs to put on your watch list are baby monitors, and certain toilets, like the Satis smart toilet, which three years ago, was found to have a vulnerability that made it susceptible to hacking. As IoT devices become more common place these vulnerabilities are expected to increase.
"A sizable portion of spam is routed through thingbots, through devices, through home routers, through compromised commercial routers, and various other devices, including mobile devices," says Epstein.
A hacker will use an IoT device to relay spam messages to help disguise the origin of the spam and evade spam filters and law authorities, he says.
What's the best way to keep your IoT from becoming a thingbot? Update the device as soon as security patches are issued by the manufacturer. Failure to update can cost you fees in wasted bandwidth and the possibility that your Internet provider will cut you off—just like they did to Epstein's family member if they find you are sending out nuisance emails.
"As soon as vulnerabilities are publicized, hackers immediately start taking advantage of them," says Cesare Garlati, chief security strategist of the prpl Foundation, a non-profit that promotes development of open source software in an email. He suggests protecting your router with a strong password, using filtering control so rogue devices cannot connect to it, and never opening any ports on the router's firewall.
Garlati also advises never opening up the universal plug and play (UPnP) feature. Vendors often promise that doing so will enhance the experience of gaming, for example, Garlati says. "UPnP is a consumer device feature that can be seen as horrific by some for security as it opens a port which can enable malware and attackers to get in," he say.
Instead, Garlati suggests using the guest network feature on your home router for all tablets, mobile phones, and laptops. Then assume all of them are compromised, he says.
Another security strategy is to connect your IoT device to your home system with an ethernet cable, as opposed to connecting wirelessly, suggests Steve Hausman, President, of Hausman Technology Presentations in Maryland. A secure router with antivirus is also a must, he says.
Finally, if your Internet connection is suddenly very slow, and you think your IoT has become a thingbot, check to see if there are legitimate applications that are using up your bandwidth by checking one at a time, says Mikael Dubreucq, IoT product director for INSIDE Secure, an embedded security vendor. And if you find one, disconnect that device immediately.
"Close the application ... and see if the network usage drops," he says. "If not, the IoT device is probably infected."