Is your IoT device part of a botnet?

Internet of Things (IoT) devices are growing in popularity, and with the holiday season here, more homes will play host to Internet-connected appliances than in any year before. These smart gadgets can make seemingly great gifts, but unfortunately, their online connectivity makes them vulnerable to being hijacked by hackers. Just two minutes after being connected to the Internet, your IoT devices can be used to carry out crimes as part of a horde of commandeered devices, known as a botnet. How do you tell if your devices have been taken over, and how do you protect them? Read on to find out.

What is a botnet?

A botnet is a network of devices infected with malware that forces them to take orders from a hacker. The hacker can use the collective processing power of these devices for malicious and illegal purposes, such as carrying out DDoS attacks, sending phishing emails and spreading the infection to more devices. Botnet malware can infect computers and smartphones, but IoT devices are the most vulnerable targets because they don’t typically have robust security. If the idea of your household appliances and children’s toys being involved in a cyberattack doesn’t bother you, you should still take notice. That’s because the malware used to create botnets can also launch attacks on other devices sharing the same network to steal personal information, as was the case in the 2013 Target data breach, or it can break your devices, as the Brickerbot malware did earlier this year.

How do you tell if you’re part of a botnet?

For your computer and mobile devices, the simplest solution is to run an antivirus scan to detect the botnet malware. This isn’t a complete solution, as botnet malware is often designed to be as hard to find as possible, and it doesn’t do anything for your IoT appliances, so you’ll want to combine this with a database check. Several websites document botnet attacks in databases, and let you search to see if your devices participated in those attacks. For instance, SonicWall has a page where you can enter your IP address to search through their botnet attack database (to find your IP address, you can go to a website such as WhatIsMyIPAddress or just search for the phrase “IP address” using Google). If it comes back with a result, that means that a device on your network was at one point part of a botnet — and it still might be.

To do a more thorough check, you can use a free network analysis tool such as Wireshark or Snort to monitor your Internet traffic for unusual activity. These solutions require more technological knowledge and have a bit of a learning curve, but they can also provide you with more concrete information. In particular, you should look for DNS queries with more than one or two resource records. This is unusual, and it may represent commands sent by the malware’s control servers.
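To make that check concrete, here is an added example (not from the original article or from any tool it names) that reads the record counts in the header of each DNS message and flags queries carrying more than two resource records. The threshold of two, the function names and the sample traffic are assumptions made for illustration.

```python
import struct

# The article's heuristic: a DNS *query* carrying more than "one or two"
# resource records is unusual. Reading that as "more than 2 records in
# total" is an assumption of this example.
MAX_RECORDS = 2

def dns_record_counts(payload: bytes):
    """Read the 12-byte DNS header; return (is_query, total_records) or None."""
    if len(payload) < 12:
        return None  # too short to be a DNS message
    _txid, flags, qd, an, ns, ar = struct.unpack("!6H", payload[:12])
    is_query = (flags & 0x8000) == 0  # QR bit clear = query
    return is_query, qd + an + ns + ar

def flag_unusual_queries(packets):
    """Return [(source_ip, total_records)] for queries over the threshold."""
    hits = []
    for src, payload in packets:
        parsed = dns_record_counts(payload)
        if parsed is None:
            continue
        is_query, total = parsed
        if is_query and total > MAX_RECORDS:
            hits.append((src, total))
    return hits

def make_header(flags, qd, an=0, ns=0, ar=0, txid=0x1234):
    """Build a DNS header for the constructed samples below."""
    return struct.pack("!6H", txid, flags, qd, an, ns, ar)

# Constructed sample traffic (not real captures). Only the header counts are
# inspected, so each payload is a header plus one question for example.com.
QUESTION = b"\x07example\x03com\x00\x00\x01\x00\x01"
SAMPLE = [
    ("192.168.1.20", make_header(0x0100, 1) + QUESTION),        # ordinary query
    ("192.168.1.20", make_header(0x0100, 1, ar=1) + QUESTION),  # query + one extra
    ("192.168.1.57", make_header(0x0100, 1, an=4) + QUESTION),  # query claiming 4 answers
    ("192.168.1.1", make_header(0x8180, 1, an=3) + QUESTION),   # response: ignored
    ("192.168.1.57", b"\x00\x01"),                              # truncated: skipped
]

if __name__ == "__main__":
    for src, total in flag_unusual_queries(SAMPLE):
        print(f"{src}: DNS query with {total} resource records")
```

A flagged source address tells you which device on your network to look at first; it is a lead for further inspection, not proof of infection.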

What can I do if my devices are infected?

With computers and mobile devices, you can try using anti-malware software to get rid of an infection, but for IoT devices the process is a little different. To be safe, power off your devices immediately to stop potential spread of the infection. Once that’s done, since most IoT devices can’t run commercial cybersecurity software, your best bet is to completely reset them. Look at your device’s owner’s manual to see if there’s a way you can perform a reflash (or memory overwrite) with your appliances, or contact the manufacturer and ask them if they can reflash your unit for you.

Once you clean your devices of malware, there are several preventative steps you can take to make sure they don’t get infected again. Make sure you change any passwords away from the ones that came with the product and replace them with strong passwords, as automated hacking programs are constantly scanning the Internet to find devices with default credentials to compromise. Do the same with your router to keep any future infection from spreading to other devices on your network. Once you connect a device to the Internet, update it so it can have the latest security features installed, and turn your devices off when you aren’t using them to limit their potential exposure to attacks.

It’s also important to make security a priority when researching new gadgets, as not every IoT device company pays mind to how well its products stand up to cyberattacks, and all it takes is one infected appliance to compromise a network. To learn more about securing your technology against threats, read our technology blog.