Todays DDOS attack against DNS Service provider DYN brought caused outages at several prominent websites. Reuters published a great piece on the attacks, but something stood out about their post. They stated in their reporting the following:
“attacks were coming from tens of millions of Internet-connected devices — such as web cams, printers and thermostats — infected with malicious software that turns them into “bots” that can be used in massive distributed denial of service attacks.”
This is significant, and alarming.
So what is this Internet of Things?
The Internet of Things, or IoT is all of the new era connected devices we use. This is a broad range of products including connected home hardware such as Light Bulbs & Switches, Thermostats, Outlets and more. Many appliances now feature internet connectivity, like internet connected fridges and washing machines. Let’s not forget our entertainment products, gaming consoles, TV’s, media boxes (like Fire TV, or Roku) and such. The list of IoT devices is really quite expansive, and constantly growing.
Why is this Significant?
The way we use technology has rapidly changed over the last decade. The internet went from a place where 10’s of millions of computers and servers co-existed, to a place where 100s of millions of devices coexist. The IoT era is upon us, and with these new devices, comes a new avenue for bad actors to launch attacks. This works because a lot of these devices are constantly online, and many users really don’t see them as computing devices, even though they are. These devices are network enabled, they can store data, and they can be remotely hacked to have malicious code installed without the users really noticing. They can lay in wait for the command to strike, and in a lot of cases the user will never even know their device was part of the attack. While these devices are not individually very powerful, the sheer numbers of them make them quite dangerous. Many users hook these devices up without knowing the risks to not only their home networks (they could make for a point of entry), but also the risks to others. Not to mention the obvious fact that hackers could also gain control of the devices themselves, and wreak havoc on your equipment or spy on you.
So what can be done?
On the manufacturers side they must work to make these devices more secure, in a way that even non-technical users understand. We as users can keep devices that we don’t need to access remotely behind our routers and firewalls. We must keep our firmware up to date. If it must be accessed remotely use good passwords and change them often. People a lot smarter than me will work out other solutions to these problems in due time. The convenience of these devices cannot be overstated, and I certainly wouldn’t advocate anyone stop using them, I know I will continue using mine. All parties involved with IoT, users, service providers and manufacturers alike should be aware of the risks posed by these devices. All concerned should take steps to ensure their devices are secure. I have a feeling though with the new attention generated, things will begin to change.