Detecting Vulnerable “Internet of Things”

So the big news last week was the giant attack by the Mirai malware/bots on Dyn that effectively killed (well, seriously wounded) the Internet for a lot of people. The “Internet of Things” (IoT) was the source of the attack, because of bad security practices (devices with ‘backdoors’ and default passwords) on those devices.

I’m not going to explain what happened. If you are interested in this subject, you probably already know that the attack was done by the Mirai malware. The rest of you can ask the googles if you need an explanation of what happened.

And I am not going to explain how Mirai works, or that you can get a copy of the Mirai malware source code.

The thing that is not clear to many people: how can you check whether the devices on your network, at home or at work, are susceptible to the Mirai attack?

The basic attack comes through specific ports that are visible from the outside (external to your network) and lead to devices ‘inside’ your network. So to test whether your network is vulnerable, you need to check from the ‘outside’ of your network.

To do this check from the ‘outside’, I recommend the venerable (fancy term for old) “ShieldsUp” check from Gibson Research. This is a free tool that will scan for open ports on your network (this should work on any OS or network).

But, before you do that, make sure you have the permission of the owners of your network. Attacking – or even scanning – a network you do not own can be a felony in the US, and probably other countries. So, before you proceed, make sure that you have the network owner’s permission.

You can check your own home network, though, since you are the owner. But, again, only do this scan on networks you own, even though the scan is very benign.

You can find the Gibson Research “ShieldsUp” tool at http://bit.ly/2dA9Ubd. Carefully read the information on that page. (For instance, that page will show you your unique identification that every web site can find out. Even the ‘private’ function of your browser will disclose that information. Again, read the page carefully to understand the implications.)

Once you have read the info on that page, click on the “Proceed” button (either one). On the next page, read the information, then click the orange button to check your exposure to UPnP (Universal Plug and Play).

The test will take under a minute, then the result will be displayed. If your network is OK for that test, you’ll get a nice green message. That’s good. If your network has problems, there will be some explanation of what you should do. We’re not going to go into any of that “What You Should Do” stuff; it’s pretty deep and complicated.

The next step is to check for any open ‘ports’ on your network. Go back to the testing page (the page you saw when you clicked on the “Proceed” button). On that screen, the next step uses this series of buttons:

[Screenshot: the series of test buttons]

Run the “Common Ports” test first. Then run the “All Service Ports” test. As with the first test, you are looking for all ‘green’ results. Any bad results will be listed, along with explanations. Again, we aren’t going to explain things here; if you need more info, look at the site’s explanations, and ask the googles if needed.

On my computer on my home network (which I own, so I have permission to scan my network), I got ‘all green’, as shown in this screen shot:

[Screenshot: ShieldsUp results, all green]

Hopefully, you will too. If you don’t, then proceed from there.