Welcome to the XCellAir Blog! A few promises:

  1. Self-promotion will be kept to a minimum and if the occasional blurb on some achievement is jotted down, it’ll be accompanied by a market or technology-related piece or two.
  2. We’ll be posting regularly…otherwise, what’s the point?!
  3. Periodically, the blog will have nothing to do with industry stuff. Our team is comprised of interesting individuals and we’d like to let you see behind the curtain.

Enjoy the reads, join in on the conversation and come back often!

Are Wi-Fi heuristics the cure to the ‘Zombie’ botnet epidemic?

Posted by Narayan Menon on 29 November 2017

Last year, we saw panic and disaster hit the headlines thanks to Mirai, a malware that infected internet-connected “things” (mostly IP cameras and home routers still using factory default credentials) and formed a large-scale botnet. Its October 2016 attack on the DNS provider Dyn left many major US websites unreachable for hours, one of the largest DDoS attacks seen up to that point. A year on, another IoT botnet dubbed “Reaper” is spreading by exploiting known vulnerabilities in connected devices rather than weak passwords, and is expected to grow even larger. Gartner estimates that there are now 8.4 billion IoT devices worldwide, each with the potential to be ensnared by malware. But what can be done? If the Reaper botnet were to strike, it could be catastrophic.

Botnets allow a large number of compromised computers to act in unison, making it easy for spammers to send out huge volumes of email and for attackers to perform DDoS attacks. Botnets are even being used to mine cryptocurrency, meaning that many people are now unknowingly providing criminals with computing power and electricity they pay for themselves.

But it’s tricky to spot whether a device is infected and part of a botnet. Primarily, this is because these types of malware are designed to go undetected, but also because many IoT devices are “headless”, running without a user interface (UI). Without a dedicated UI, it is hard to spot the signs that would suggest the device is behaving suspiciously: a slow, infected PC or laptop will frustrate its user, who will look for a solution, while a slow thermostat may not be noticed at all.

With no universal operating system for the IoT, and often no update mechanism at all, regular updates and patches for devices such as webcams, smart meters, thermostats and smart fridges are rare to non-existent. So what measures can be taken to prevent innocent smart meters from being twisted to nefarious purposes?

This is an opportunity for internet service providers (ISPs). With the right software running on the home gateway (which is where individual devices are visible; upstream of the router’s NAT, the ISP sees only the household’s single public IP address), it is possible to identify the devices that make up the consumer’s home Wi-Fi network beyond their IP and MAC addresses. Through heuristic analysis, each device’s normal traffic volume, frequency and set of destinations is learnt over time, and a device performing outside those parameters can be flagged to the consumer, or its usage automatically blocked. For example, a TV being used to stream video should place far more demand on the network than a smart meter. If, however, the smart meter is compromised and starts sending and receiving abnormally large amounts of data, far more frequently than it should, to and from destinations it has never contacted before, then it is clear there is a problem that needs to be addressed. Automatic blocking has to be applied with care: a firmware update or a vendor moving to a new cloud endpoint will also look like new behaviour, so thresholds need to be well above a device’s baseline and the consumer needs a way to confirm or dismiss an alert.
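The profiling described above, as an added example that is not code from XCellAir or the original post. It assumes the detector runs on the ISP-managed home router, where it sees each device’s LAN-side MAC address, and that per-flow summaries (timestamp, source MAC, destination, port, byte counts) are available, for instance from the router’s connection tracking or a NetFlow-style exporter. The two devices, the clean baseline day and the infected hour are all constructed sample data using RFC 5737 test addresses; the thresholds are illustrative assumptions, not values from the post.

```python
"""Per-device traffic profiling on a home gateway: added example, not code
from XCellAir or the original post. It assumes the detector runs on the
ISP-managed router, which sees each device's LAN MAC (upstream of NAT the
ISP sees only the household's one public IP), and that per-flow summaries
(timestamp, source MAC, destination, port, byte counts) are available, e.g.
from conntrack or a NetFlow-style exporter. All devices and flows below are
constructed sample data using RFC 5737 test addresses."""
from collections import defaultdict, namedtuple
from dataclasses import dataclass, field
from statistics import mean, pstdev

WINDOW = 3600  # profile traffic in one-hour buckets
# ts: seconds since epoch; mac: LAN-side source device; dst: destination IP
Flow = namedtuple("Flow", "ts mac dst dport bytes_out bytes_in")

@dataclass
class Profile:
    window_bytes: list = field(default_factory=list)  # total bytes per window
    window_flows: list = field(default_factory=list)  # flow count per window
    destinations: set = field(default_factory=set)
    ports: set = field(default_factory=set)

def bucket(flows):
    """Group flows by (device MAC, hour index)."""
    buckets = defaultdict(list)
    for f in flows:
        buckets[(f.mac, f.ts // WINDOW)].append(f)
    return buckets

def learn_baseline(flows):
    """Build a per-device profile from a period believed to be clean."""
    profiles = defaultdict(Profile)
    for (mac, _), fs in bucket(flows).items():
        p = profiles[mac]
        p.window_bytes.append(sum(f.bytes_out + f.bytes_in for f in fs))
        p.window_flows.append(len(fs))
        p.destinations.update(f.dst for f in fs)
        p.ports.update(f.dport for f in fs)
    return dict(profiles)

def _spike(value, samples, k, ratio):
    """True if value is k std devs above the baseline mean AND at least ratio
    times it: the ratio guard stops a near-constant baseline (sd ~ 0) flagging
    noise, the sd guard stops a noisy baseline hiding a real spike."""
    mu, sd = mean(samples), pstdev(samples)
    return value > mu + k * sd and value > ratio * mu

def score_window(fs, p, k=3.0, ratio=5.0):
    """Reasons one hour of a device's traffic deviates from profile p ([] = normal)."""
    reasons = []
    total = sum(f.bytes_out + f.bytes_in for f in fs)
    if _spike(total, p.window_bytes, k, ratio):
        reasons.append(f"{total} bytes vs baseline mean {mean(p.window_bytes):.0f}")
    if _spike(len(fs), p.window_flows, k, ratio):
        reasons.append(f"{len(fs)} flows vs baseline mean {mean(p.window_flows):.1f}")
    # More unseen hosts in one hour than in the whole baseline: scanning or C2 churn.
    new_dst = {f.dst for f in fs} - p.destinations
    if len(new_dst) > max(2, len(p.destinations)):
        reasons.append(f"{len(new_dst)} never-seen destinations")
    new_ports = {f.dport for f in fs} - p.ports
    if new_ports:
        reasons.append(f"new destination ports {sorted(new_ports)}")
    return reasons

def detect(baseline_flows, live_flows):
    """Map (mac, hour) -> reasons for every anomalous hour in live_flows."""
    profiles = learn_baseline(baseline_flows)
    alerts = {}
    for (mac, w), fs in bucket(live_flows).items():
        if mac not in profiles:
            alerts[(mac, w)] = ["device not seen during baseline"]
        elif reasons := score_window(fs, profiles[mac]):
            alerts[(mac, w)] = reasons
    return alerts

# Constructed sample data: a smart meter and a streaming TV on one LAN.
METER, TV = "00:11:22:33:44:55", "66:77:88:99:aa:bb"

def clean_day():
    """24 clean hours: the meter uploads a few KB hourly, the TV streams ~500 MB/h."""
    flows = []
    for h in range(24):
        t = h * WINDOW
        flows.append(Flow(t + 60, METER, "203.0.113.10", 443, 1500 + (h % 3) * 100, 800))
        flows += [Flow(t + 300 * i, TV, f"198.51.100.{h % 4}", 443, 2_000,
                       150_000_000 + h * 1_000_000) for i in range(3)]
    return flows

def infected_hour():
    """Hour 24: the TV behaves as before; the meter sweeps 40 hosts on port 23
    and pushes out 40 MB, the shape of a device recruited into a botnet."""
    t = 24 * WINDOW
    flows = [Flow(t + 300 * i, TV, "198.51.100.1", 443, 2_000, 160_000_000) for i in range(3)]
    flows.append(Flow(t + 30, METER, "203.0.113.10", 443, 1600, 800))
    flows += [Flow(t + 120 + i, METER, f"192.0.2.{i + 1}", 23, 1_000_000, 200) for i in range(40)]
    return flows

if __name__ == "__main__":
    for (mac, hour), reasons in detect(clean_day(), infected_hour()).items():
        print(f"{mac} hour {hour}: " + "; ".join(reasons))
```

Run stand-alone, the script reports only the meter’s hour 24, with four reasons: the byte volume and flow count are orders of magnitude above its baseline, it contacted 40 hosts it had never spoken to, and it used a destination port (23) it never used before. The TV’s hour is slightly above its usual volume and goes to a CDN address it has used before, so it stays quiet. Each rule is deliberately conservative: a device is flagged for volume only when it is both statistically and proportionally above baseline, and a single new destination is never enough on its own, which is what keeps a vendor moving to a new cloud endpoint from tripping the alarm.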

This type of traffic profiling is already widely used across enterprise and telco networks. Its use inside the home, however, is still rare, and it could be provided as a paid-for add-on, or even for free, to help keep the ISP at the centre of the home network.

By managing local networks in this way, ISPs will not only be able to help prevent their customers from unwillingly becoming part of a botnet, but also help reduce the threat of DDoS attacks. They will also be able to ensure a better quality of experience by reducing the traffic caused by bots. This in turn leads to fewer calls to customer support, removing one of the biggest reasons consumers call their ISP: “My Wi-Fi isn’t working!”. This maintenance of the network will also likely sway consumers’ choice of ISP: high-performance Wi-Fi is in fact a service that consumers are willing to pay more for, and our research suggests it could be a $6.7bn opportunity.

As botnets continue to grow in strength and amass greater and greater firepower, there needs to be a push towards preventing internet enabled devices within the home from falling into the wrong hands. Device makers are not taking this issue seriously enough, and consumers lack the know-how to ensure their devices are safe. The onus and the opportunity are with ISPs to take the first step. By tracking and flagging suspicious behaviour, perhaps we can cut out the infection before it has time to grow.
