The disruption of internet services across parts of US was caused by a huge cyber-attack where regular internet connected home devices were used as weapons. This all happened last Friday where hackers used internet of things devices, such as printers, digital recorders, webcams and other IP address contained devices. They weaponised these devices with malware –botnets– and blocked some of the most popular websites like Spotify, Twitter, Netflix, Reddit and many more. The aim of such an attack is to overflow an online service with useless, incomplete data to keep the servers occupied. Isn’t it scary that your own device may be infected with this malware and is used to attack someone?
Hackers use these devices because of their bad security, they have no protection software or difficult passwords and no updates are being made to increase their security. The malware exploits these vulnerabilities to cause enormous damage on the web. These devices are also online most of the day which makes it easier for hackers to use. “It’s remarkable that virtually an entire company’s product line has just been turned into a botnet that is now attacking the United States,” she told security researcher Brian Krebs (The Guardian, 2016). Hackers scan for vulnerable devices and create the botnets through the devices.
All in all, it is hard to know if your device is being used for botnets. Internet connection can be slow during music or video streams and gaming is suffers too if an device is infected. It would be wise to change default passwords if possible on your devices and always install the updates, if this is not possible to do, switching devices off would be a good idea when it is not in use. What do you think about this? Are you aware of how protected your devices are?
http://www.bbc.com/news/technology-37738823
https://www.theguardian.com/technology/2016/oct/22/cyber-attack-hackers-weaponised-everyday-devices-with-malware-to-mount-assault
http://www.nu.nl/internet/4339768/cyberaanval-vs-maakte-gebruik-van-internet-of-things-apparaten.html
Hi Diana,
Thanks for your interesting blog post, this is a point of view which you do not hear often. I think from the Internet of Things (IoT) projects I have seen, security is one of the most important requirements. For sure this is the case with large projects, but maybe the small initial applications do not fulfil this yet. When this trend is becoming bigger and a significantly amount is using IoT devices, you can count on the level of security becoming a lot better.
Hopefully the security level will increase soon, but maybe we need a disaster or scandal. Now, the applications are not on a large scale and the companies you name are for amusement and will not endanger lives. After a disater or scandal, developers and customers received a wake-up call and that will result in better security for this kind of applications. Do you agree on this?
Kind regards,
Guy
Hi Diana, thanks for the interesting post. The problem of the underlying vulnerabilities in IoT devices really makes you wonder to what extend we should automate our lives, without risking to expose ourselves too much. For example, home electricity and heating systems are now increasingly connected and coordinated wirelessly. The source below discusses an example where someone developed ransomware for smart thermometers at home. The malware increases the heating in the house until the victim pays the specified amount of money. These kinds of scenarios will most likely be seen more frequently as we become more and more reliant on our devices.
https://cyware.com/news/holding-homes-hostage-iot-can-be-used-for-extortion-1e22d8c5