
We all know by now that IoT is vulnerable, and after our survey of vulnerable remote configuration services last year, we began to pursue the actual repercussions of those vulnerabilities. After we published Devil’s Ivy and CVE-2017-9466 last summer, we decided to tackle the problem of “then what?” After an attacker compromises a camera or gains control of a router, what happens next? If a company’s valuable data is in a secure location, does it matter if an attacker compromises its Nest thermostat?
As previously noted, attacks that take over a network, device by device, has remained largely within the sphere of pundits and hypothetical discussions. So we have tended to think about lateral attacks as being solely within the realm of sophisticated attackers, but as we explored this project in more depth, we came to realize that this kind of attack requires very little technical knowledge.
While we are not aware of publicly available exploits for the vulnerabilities we discovered, products like Metasploit allow those with a basic knowledge of networking and the Linux command line to do some damage without writing a single line of code. After exploiting a first device, an attacker can use the additional access to take over the rest of the network, exploiting device after device.
As previously noted, attacks that take over a network, device by device, has remained largely within the sphere of pundits and hypothetical discussions. So we have tended to think about lateral attacks as being solely within the realm of sophisticated attackers, but as we explored this project in more depth, we came to realize that this kind of attack requires very little technical knowledge.
While we are not aware of publicly available exploits for the vulnerabilities we discovered, products like Metasploit allow those with a basic knowledge of networking and the Linux command line to do some damage without writing a single line of code. After exploiting a first device, an attacker can use the additional access to take over the rest of the network, exploiting device after device.