Governments may be forced to regulate IoT device manufacture
22 December 2017 | 0
The growing power and reach of botnets leveraging Internet of Things (IoT) devices may precipitate governments addressing IoT security with regulation, according to researchers at WatchGuard Technologies.
“The Mirai botnet showed the world just how powerful an army of IoT devices can be to launch successful, record-breaking DDoS attacks against popular web sites like Twitter, Reddit and Netflix,” said Corey Nachreiner, CTO, WatchGuard Technologies.
While the number of IoT devices with weak or non-existent security, both in development and deployment, continues to grow said the researchers, attackers have already started improving on the Mirai source code, which will mean larger and stronger botnets in 2018. The researchers cited the example of the Reaper botnet which actively exploits common vulnerabilities in IoT devices to gain access to the devices instead of relying on a hard-coded credential list.
“Potential IoT device regulations will most likely affect manufacturers of consumer-grade IoT devices first, since the end users of these products don’t have the knowledge to secure their own devices,” says Nachreiner. “These regulations will probably mirror similar liability-oriented regulations in other industries, where the manufacturer is held at least partially accountable for flaws in their products.”
Palo Alto Networks has argued an alternative approach, whereby IoT security is achieved through network functions.