BADBOX 2.0
Continuing the topic of Internet of Things (IoT) compromise from my January blog post: last week the FBI released a notice on a botnet called BADBOX 2.0 that is being used to target home IoT devices. The affected devices are compromised prior to purchase or through malicious applications downloaded outside of trusted and official application marketplaces. Below are some of the indicators that can be used to detect potential compromise:
The presence of suspicious marketplaces where apps are downloaded.
Requiring Google Play Protect settings to be disabled.
Generic TV streaming devices advertised as unlocked or capable of accessing free content.
IoT devices advertised from unrecognizable brands.
Android devices that are not Play Protect certified.
Unexplained or suspicious Internet traffic.
Below are the mitigations recommended by the FBI internet crime center:
Maintain awareness of, and monitor, the Internet traffic of home networks.
Assess all IoT devices connected to home networks for suspicious activity.
Avoid downloading apps from unofficial marketplaces advertising free streaming content.
Keep all operating systems, software, and firmware up to date. Timely patching is one of the most efficient and cost-effective steps to minimize your exposure to cybersecurity threats. Prioritize patching firewall vulnerabilities and known exploited vulnerabilities in internet-facing systems.
If one device on your home network becomes compromised, this opens up opportunities for additional devices to become compromised as well. The overall risk should be low if you use official marketplaces for application downloads and buy from trusted vendors.
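One way to act on the traffic-monitoring mitigation above, as an added example that is not from the FBI notice or this post's original text: it assumes the home router runs dnsmasq with query logging (`log-queries`) enabled, and it reports DNS names a device looks up now that it never looked up during an earlier baseline period. The log lines, addresses and domain names are constructed samples.

```python
import re
from collections import defaultdict

# dnsmasq query-log line: "<date> dnsmasq[pid]: query[A] <name> from <client-ip>"
QUERY_RE = re.compile(r"query\[[^\]]+\]\s+(\S+)\s+from\s+(\S+)")

def domains_by_client(lines):
    """Map each client IP to the set of names it looked up."""
    seen = defaultdict(set)
    for line in lines:
        m = QUERY_RE.search(line)
        if m:  # "forwarded", "reply" and "cached" lines are skipped
            name, client = m.groups()
            seen[client].add(name.lower().rstrip("."))
    return seen

def new_destinations(baseline_lines, current_lines):
    """Return {client: sorted names queried now but never in the baseline}."""
    baseline = domains_by_client(baseline_lines)
    report = {}
    for client, names in domains_by_client(current_lines).items():
        fresh = names - baseline.get(client, set())
        if fresh:
            report[client] = sorted(fresh)
    return report

# Constructed sample logs: 192.168.1.50 stands in for a TV streaming box,
# 192.168.1.20 for a laptop. All names and addresses are placeholders.
BASELINE = """\
Jun 10 20:00:01 dnsmasq[812]: query[A] updates.vendor.example from 192.168.1.50
Jun 10 20:00:01 dnsmasq[812]: forwarded updates.vendor.example to 9.9.9.9
Jun 10 20:00:05 dnsmasq[812]: query[A] time.example.net from 192.168.1.50
Jun 10 20:01:10 dnsmasq[812]: query[AAAA] mail.example.org from 192.168.1.20
""".splitlines()

CURRENT = """\
Jun 11 03:12:44 dnsmasq[812]: query[A] updates.vendor.example from 192.168.1.50
Jun 11 03:12:45 dnsmasq[812]: query[A] cdn-a1.unknown-host.example from 192.168.1.50
Jun 11 03:12:45 dnsmasq[812]: reply cdn-a1.unknown-host.example is 203.0.113.7
Jun 11 03:12:46 dnsmasq[812]: query[A] CDN-A1.unknown-host.example. from 192.168.1.50
Jun 11 08:00:00 dnsmasq[812]: query[AAAA] mail.example.org from 192.168.1.20
""".splitlines()

if __name__ == "__main__":
    for client, names in new_destinations(BASELINE, CURRENT).items():
        print(f"{client}: {len(names)} new destination(s): {', '.join(names)}")
```

A device with no baseline history has every lookup reported, so a newly connected device is itself a prompt to check what it is and where it came from.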