With the rise of the internet of things, the internet and its advantages as well as dangers have become much more integrated with our devices. This also creates an opportunity for hackers to launch cyberattacks targeted to those connected devices. Due to the inherent properties of software, the internet of things can never be 100% secure.
Lately a botnet has been created out of a large array of cameras and other devices that fit into the internet of things. This so-called Mirai botnet consist of more than half a million nodes. The targets of this botnet and the consequences are not small with recently reported DDoS attacks to Dyn’s Domain Name System management services (DNS) infrastructure, resulting in outages of websites such as Twitter, Spotify and Reddit. It is estimated that just around 10% of the nodes of the botnet were used for this attack.
Examples of Internet of Things devices that are used in this Mirai botnet are for example security cameras. Ironically, many of those cameras cannot be easily updated to increase their data security. The amount of devices that can be used for such a bonnet is ever increasing. As it is impossible to control for the security of all software that is put on internet of things devices, the problem is only likely to become worse.
After a hacker put the source code to this botnet online on a hacking forum, more DDoS attacks were predicted by CERT, the US Computer Emergency Readiness Team. Given that the source code was published before the outages of e.g. Spotify and Twitter, this is also what happened.
What do you think about the future of this development? If software (or accompanying hardware) can never be 100% secure and the amount of connect devices increases how secure is the future even? Apart from DDoS attacks, how about all the internet connected sensors of these connected devices and its effect of the inherent properties of software on security and privacy? Let me know what you think!
https://motherboard.vice.com/tag/The+Internet+of+Hackable+Things
https://motherboard.vice.com/read/criminal-hackers-have-launched-a-turf-war-over-the-internet-of-shit
http://motherboard.vice.com/read/internet-of-things-malware-mirai-ddos
https://motherboard.vice.com/read/twitter-reddit-spotify-were-collateral-damage-in-major-internet-attack
What you describe is the dark side of IoT. In order to make this side as small as possible, users and developers should anticipate quickly on these developments. What can they do? Well, they can change the default passwords and developpers/manufacturers should provide security updates. As you pointed out clever, not all those devices can be updated easily. If manufacturers can’t find a way to update their devices, smart start ups or established companies = will find a way to solve this problem. The advantage of all these IoT devices is that they are all connected to the internet, so I am confident that they will find a way.
Hi Stephan, thank you for your interesting post! I just read about this attack earlier today. To answer your question of what I think of this development: I believe that the development of all these (small) devices went way faster than the (side) issues that come along with it, such as security. Obviously, the introduction to technology has been beneficial in this society, as it facilitates us in our daily lives. People did not consider their privacy or security as a priority, they were more concerned about their needs and how these could be fulfilled. However, I do think it is about time now that people start thinking about those ‘side issues’ and not allowing things to become worse. As Sem mentions, this dark side of IoT should not get the opportunity to arise and people should not need to worry or question every single electronic device they are using. Companies need to start developing software, systems, or anything that makes the use of devices not harmful, but enjoyable and safe!
The increasing interconnectedness of objects in our lives is worrying. The way we make use of these objects and their increasing role in our lives and work is dangerous due to the unsecure nature that resides in the inherent proporties of software. Especially in regards of privacy. I think there should be more attention on the public discussion about the way we orchestrate our lives in regards to all these IT and internet-applications, before we make it an uncontrollable mess.
I fully agree with you on the part that this development is worrying. I feel that although many developments in the area of smart-devices are very cool and provide a lot of convenience and efficiency, the negative sides and effects for the future are not taken into consideration enough. Therefore I would like to add to Chucky’s point that not only companies should that looking at how to prevent these devices from causing harm, but also governmental institutions should invest in creating software or hardware for these devices which are not so prone to be used in these kind of attacks. They also have a very good reason to, because I feel they could very well be one of the next targets for these attacks on a large scale. With the growing number of devices and the interconnectivity of applications and devices reaching new levels every day it is good to face the problem now, rather than having to deal with it once it has become too large to effectively deal with.
Hi Bart, I agree with your point that companies themselves have a responsibility here. But wouldn’t it be impossible to monitor all the internet of things devices that are brought out on the market? And even if it did, in order to make those devices safer the government should have to closely cooperate with business developers from the start of their projects on as to maximize security. I do not believe this will be cost-efficient, or a way to compete with countries that would not apply such tight rules.