How Panasonic is using internet honeypots to improve IoT device security

Researchers at the electronics and home-appliance manufacturer leave connected devices open to the internet in a controlled environment - and watch how hackers attempt to attack them.
Written by Danny Palmer, Senior Writer

Electronics and home-appliance manufacturer Panasonic has detailed how it has strengthened the security of its Internet of Things devices by connecting them to internet honeypots and allowing hackers to try and take them over.

The global corporation uses two specially built honeypot sites that have the effect of exposing devices to the internet, to lure cyber criminals into attacking the devices. The products being tested like this range from IP cameras to connected home appliances like fridges and other kitchen products.

It's all part of Panasonic's efforts to understand the IoT threat landscape and how to counter threats targeting the products they manufacturer and how to protect consumers and businesses from IoT-based cyberattacks.

SEE: Cybersecurity in an IoT and mobile world (ZDNet special report) | Download the report as a PDF (TechRepublic)

The process was detailed by Hikohiro Y Lin, general manager and head of the product security incident response team, and Yuki Osawa, senior engineer at Panasonic Corporation, presenting a session at Black Hat Europe in London.

"Our company has white-hat hackers hacking our own devices every day. We've tested more than a thousand devices and we've found more than 10,000 vulnerabilities before shipping, so they're fixed," said Lin.

But in order to ensure development teams have as much information about potential security vulnerabilities in products as possible, both unreleased and on-the-market products are placed in the honeypots, which are monitored to gain insight into how devices are attacked by real-world hackers.

"We deploy our real appliances as a honeypot and we collect attacks and malware targeting our devices. We can deploy products under development as well," Osawa explained.

The Panasonic IoT threat-intelligence platform has been active for two years and in that time the company has collected information on about 30 million cyberattacks and 4,000 kinds of IoT malware – all attacks that are targeting real devices put through the security tests.

Some kinds of devices face more attacks than others: for example, the devices in the honeypots that face the most attacks are cameras – a type of IoT product that is often abused by hackers for nefarious purposes. This often sees the devices added to botnets for conducting DDoS attacks – although they can also be exploited as a weak point for attackers to get inside a network.

All of the attacks targeting devices in the honeypot are monitored, allowing Panasonic researchers to examine the ways hackers will try to exploit devices if they found them without full security in the wild.

For example, one incident saw attackers attempting to deploy SambaCry malware onto a device, failing, then attempting to delete evidence of their actions. Another incident saw an attacker targeting a device with a variant of the mirai botnet – complete with a brute force password cracker – in what was likely an effort to add the product to a botnet for DDoS attacks.

All of this information is relayed to the developers of upcoming products to do the most to ensure IoT-connected devices are as resistant to cyberattacks as possible – although the company admits that it still isn't possible to find every kind of attack targeting devices, but if new techniques emerge in the wild, the team will try to close off the vulnerabilities as soon as they can.

"We're trying hard to minimize risk, but it can't be 100% secure, but we try. After that, if something happens, we deal with it as soon as possible with firmware updates," said Lin.

The importance of device security is showcased at the company headquarters, where devices in honeypot are on display: each of the devices has a red light above it and, when it flashes, it indicates an attacker is attempting to break into that device.

The idea is that with this honeypot displayed prominently in the business, it allows developers, executives and others outside the security team to see what's going on and reflect on the importance of security.

"We think visualization is very important for developers because it allows them to understand what's happening on our products," said Osawa.

SEE: 10 tips for new cybersecurity pros (free PDF)    

However, the company can only do so much for now, because once the devices are in people's homes and businesses, the users take some responsibility for managing the devices – but they can easily be forgotten about, leaving the devices – and the networks – of the users vulnerable to attacks.

As a result, Lin warned that users need to regularly patch their devices to help protect them from falling victim to cyberattacks.

"In your home, if you have IoT devices, you can do something, you can update your devices and router so they can be used safely," he said.


Editorial standards