Internet of Things November 2019 Viewpoints

Technology Analyst: Guy Garrud

Encrypting DNS

Why is this topic significant?

Encrypting domain-name-system queries could radically reshape the handling of internet traffic.

Description

Internet-connected devices all have an internet-protocol (IP) address that is a (typically 128-bit) number. However, most computers address internet traffic to an internet domain. The domain-name system (DNS) is the system connecting internet domains to specific IP addresses. DNS servers receive domain queries from devices and respond with the correct IP address for a particular domain. The DNS system is a key component for cloud-computing systems where data and other activities may not occur at a single permanent IP address. DNS queries are typically not encrypted.

In September 2019, the web browsers Chrome and Firefox began rolling out an encrypted form of DNS: DNS-over-HTTPS (DoH). The new approach encrypts DNS queries, which means that, in theory, only the DNS server and the device sending the query know what domain a device is attempting to access.
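The difference described above, as an added illustration that is not part of the original article: the script builds a DNS query in standard wire format and shows how DoH (RFC 8484) carries the same bytes as a base64url `dns` parameter of an HTTPS GET. The name `device.example.com` and the resolver URL `https://doh.example/dns-query` are constructed placeholders.

```python
import base64
import struct


def build_query(name: str, qtype: int = 1) -> bytes:
    """Encode a DNS query in RFC 1035 wire format (qtype 1 = A record)."""
    # Header: ID 0 (RFC 8484 recommends 0 so HTTP caches can reuse answers),
    # flags 0x0100 (recursion desired), one question, no other records.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid label length: {label!r}")
        qname += bytes([len(raw)]) + raw
    qname += b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN


def doh_get_url(resolver: str, query: bytes) -> str:
    """RFC 8484 GET form: unpadded base64url of the query in 'dns'."""
    # This is an encoding, not encryption; confidentiality comes from the
    # TLS session that carries the HTTPS request.
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{resolver}?dns={encoded}"


def labels_visible_on_wire(payload: bytes, name: str) -> bool:
    """True if every label of the name appears as cleartext in the payload."""
    return all(label.encode("ascii") in payload for label in name.split("."))


if __name__ == "__main__":
    name = "device.example.com"                 # constructed sample name
    resolver = "https://doh.example/dns-query"  # placeholder resolver URL
    query = build_query(name)
    print("Classic DNS payload (UDP port 53, unencrypted):", query.hex())
    print("Name readable by an on-path observer:",
          labels_visible_on_wire(query, name))
    print("DoH request (travels inside TLS):", doh_get_url(resolver, query))
```

With classic DNS the payload bytes are what an ISP or local network sees; with DoH an on-path observer sees only a TLS connection to the resolver.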

Implications

Google's and Mozilla's rollout of DoH has triggered significant pushback from internet-service providers (ISPs). Encrypted DNS queries make it difficult for ISPs to gather data about users' internet traffic, potentially hindering an important part of their businesses. DNS queries are somewhat of an exception in that they are unencrypted, unlike most other internet traffic. In particular, the increasingly widespread use of hypertext-transfer-protocol secure (HTTPS) means that data traffic from most major websites is now encrypted.

One criticism of Google is that implementing DoH through its Chrome web browser will lead to most DNS requests' going to Google's DNS servers, which already support DoH. This process, in turn, would enable Google to gather a large amount of data about users' web-traffic habits.

DNS encryption can also raise issues for network managers. In particular, many companies use DNS servers with lists of specific domains and IP addresses that are malicious. Opponents of DoH argue that the system prevents intervention at a local level to prevent users' accessing potentially dangerous addresses.

Impacts/Disruptions

DNS plays an important role in enabling complex and dynamic cloud-computing systems and, as a result, most IoT systems also rely heavily on the DNS system. Integrating DoH into IoT devices will likely be an important step in future-proofing them to remain compatible with generally accepted internet standards for the next several years. Alternative methods for encrypting DNS requests (such as DNS over TLS [Transport Layer Security], which many Android clients use by default) are also available, and, as is so often the case, a potential war of incompatible standards could serve to confuse end users and complicate the task of companies seeking to implement an IoT solution.

Scale of Impact

  • Low
  • Medium
  • High
The scale of impact for this topic is: Medium

Time of Impact

  • Now
  • 5 Years
  • 10 Years
  • 15 Years
The time of impact for this topic is: 5 Years

Opportunities in the following industry areas:

Cloud computing, web hosting, internet-service provision, IoT devices

IoT's Expanding Security Risks

By David Strachan-Olson
Strachan-Olson is a consultant with Strategic Business Insights.

Why is this topic significant?

Attempted cyberattacks against IoT devices are increasing at a significant rate, and attackers are finding new ways to leverage IoT devices to compromise private networks and disrupt organizations' operations.

Description

Organizations' increased use of Internet of Things (IoT) devices is providing attackers with new ways to infiltrate private networks and disrupt organizations' operations. Researchers from the Microsoft Threat Intelligence Center recently discovered instances in which hackers backed by the Russian government gained access to enterprise networks by exploiting IoT devices. The hackers were able to use default passwords and outdated firmware to infiltrate internet-connected printers, video decoders, and voice-over-internet-protocol phones. The attackers used the compromised devices to scan private networks in order to search for other vulnerable devices and higher-privileged accounts with access to more valuable data.

A recent report from F-Secure, a Finnish cybersecurity company, outlined the changing landscape of cyberattacks in the first half of 2019. The company found a significant increase (approximately 300%) in the number of attempts to access Transmission Control Protocol ports, which are primarily in use on IoT devices. A significant number of attempts came from automated systems using variations of the Mirai malware, some of which target enterprise IoT devices.

Implications

As organizations and individuals begin to connect more IoT devices to their networks, such devices are becoming more popular targets for hackers. For now, the majority of attacks against IoT devices constitute Mirai-like attacks in which an attacker attempts to gain control of IoT devices in order to perform a variety of distributed cyberattacks. However, Microsoft's research suggests that attackers are beginning to use IoT devices as entry points for advanced attacks on private networks that could compromise data or affect operations.

Ransomware (malware that denies access to data or a system until a user pays a ransom) continues to be a growing issue for organizations of all sizes. Ransomware attacks are increasingly targeting larger organizations, such as local governments, hospitals, and industrial manufacturers instead of individuals. Potentially, IoT devices could become another vector for hackers to gain access to networks to deploy ransomware. Alternatively, the IoT device may become the target of ransomware itself. For applications that depend on IoT devices—such as smart grid, smart city, and industrial operations—malware could lock out owners from accessing such devices. Although companies might be able to remedy such an attack against a small number of IoT devices, an attack perpetrated on thousands of devices in a facility or in a city could cause significant disruption to an organization's operations.

Impacts/Disruptions

Many IoT-device manufacturers, especially manufacturers for home and consumer products, have given little thought to cybersecurity. Default credentials and outdated firmware are common options for hackers to use to gain access to IoT devices. Some organizations may delay or cancel IoT deployments; others may place increased importance on device vendors with superior cybersecurity practices. Going forward, governments and industry organizations may need to play a role in setting minimum cybersecurity standards for IoT devices to help continue the development of the IoT.

Scale of Impact

  • Low
  • Medium
  • High
The scale of impact for this topic is: Medium to High

Time of Impact

  • Now
  • 5 Years
  • 10 Years
  • 15 Years
The time of impact for this topic is: Now to 5 Years

Opportunities in the following industry areas:

Cybersecurity, network security, IT, enterprise IoT, smart city, infrastructure monitoring, connected home
