Todays Internet of Things (IoT) based DDOS attack against DNS Service provider DYN brought caused outages at several prominent websites. Reuters published a great piece on the attacks, however, something significant and alarming stood out about their post. They stated in their reporting the following:
“attacks were coming from tens of millions of Internet-connected devices — such as web cams, printers and thermostats — infected with malicious software that turns them into “bots” that can be used in massive distributed denial of service attacks.”
Reuters
What is this IoT, Anyway?
The Internet of Things, or IoT, is all of the modern connected devices. This
is a broad range of products including connected home hardware such as
bulbs & switches, thermostats, outlets and more. Additionally, Many appliances now
feature internet connectivity, like internet-connected fridges and washing
machines. Then, there are our entertainment products, gaming consoles, TV’s,
media boxes (like Fire TV, or Roku) and such. The list of IoT devices is really
quite expansive, and constantly growing.
Why is this Significant?
The way we use technology has rapidly changed over the last decade. Not so
long ago the internet was 10’s of millions of computers and servers co-existing.
Today it is a place where 100s of millions of devices coexist. With these new
devices, comes a new avenue for bad actors to launch attacks. This works
because a lot of these devices are constantly online. Furthermore, many users
really don’t see them as computing devices, like say a computer.
Many IoT devices are mini computers. They are network enabled, run software,
and have storage. As such, they can be remotely hacked to have malicious code
installed unbeknownst to the devices owner. They can lay in wait for the
command to strike, execute an attack with the device owner none the wiser.
While these devices are not individually very powerful, the sheer numbers of them
make them quite dangerous. Consequently, This is part of what happened in today’s attacks. Many
users hook these devices up without knowing the risks to not only their home
networks (they could make for a point of entry), but also the risks to others.
Not to mention the obvious fact that hackers could also gain control of the
devices themselves, and wreak havoc on your equipment or spy on you.
So what can be done?
On the manufacturers side they must work to make these devices more secure,
in a way that even non-technical users understand. We as users can keep devices
that we don’t need to access remotely behind our routers and firewalls. We must
keep our firmware up to date. For devices accessed remotely use strong
passwords and monitor the logs for suspicious activity. People a lot smarter
than me will work out other solutions to these problems in due time. IoT
devices are certainly convenient, I certainly wouldn’t advocate anyone stop
using them. I will continue using mine. However, it is important that everyone
involved needs to play a part in keeping them secure.
Note: This article has been modified for clarity and/or style after original publication. The content, tone and intent remains the same.