You probably have heard about Internet of Things (IoT) – the idea of inserting intellectual features into little gadget in daily life. Examples are Philips Hue smart bulb, Nike chips for shoes and Petnet smart pet feeder. But have you heard about Botnet of things?
Botnets are networks made up of remotely controlled computers, or “bots”. These computers are infected with malware that allows them to be remotely controlled. Therefore, if your computer is part of a botnet, it is invaded by a certain type of malware that could steal your personal information (e.g. password or confidential documents). (Hoffman, 2016) Botnet has come into existence since 2000. (Schneier, 2017) Although there are multiple ways of defending malware, botnet issues have never been solved. As firewall and it has been getting worse since then. As antivirus software keeps upgrading, new botnets keep appearing.
As many IoT utilize cheap gadgets that have little security, those devices are extremely vulnerable to hackers. (Schneier, 2017) In late 2016, the cyberattack on Dyn’s servers created a network of zombie out of 100,000 connected gadgets. This attack happened because the IoT devices did not have sufficiently effective security protocols to defend malware.
The public has come to realize the severity of botnet issues to IoT. Predicted by firm Gartner, by 2020, 20.8 million connected objects of IoT will invade our daily life. By that time, a major cyberattack could be a disaster since the network covers a huge part of daily gadgets. (Micro, 2017)
How do we mitigate the potential security issue of IoT? One of the solutions is to invest in cybersecurity measures and ensure that companies do take actions to defend malware. The key of this solution is to focus on manufacture of IoT devices, which is also the main issue at this moment. Using home routers is another solution, be it the doorkeeper of the new smart devices at home. Other solutions include creating passwords, regularly changing password, resetting devices to factory settings when malware is suspected. (Micro, 2017) (Internet of Business, 2017)
References
Hoffman, C. (2016). What Is a Botnet?. [online] Howtogeek.com. Available at: https://www.howtogeek.com/183812/htg-explains-what-is-a-botnet/ [Accessed 17 Oct. 2017].
Internet of Business. (2017). How can Internet of Things Botnet attacks be mitigated?. [online] Available at: https://internetofbusiness.com/iot-botnet-attacks-mitigated/ [Accessed 17 Oct. 2017].
Micro, T. (2017). The rise of IoT zombies: What’s the danger of botnets?. [online] Blog.trendmicro.com. Available at: http://blog.trendmicro.com/the-rise-of-iot-zombies-whats-the-danger-of-botnets/ [Accessed 17 Oct. 2017].
Schneier, B. (2017). Why website takedowns and other Internet mischief are still increasing. [online] MIT Technology Review. Available at: https://www.technologyreview.com/s/603500/10-breakthrough-technologies-2017-botnets-of-things/?set=608378 [Accessed 17 Oct. 2017].
By Ningjie Chen, 2017
Hi Chen! Thanks for this interesting post. I believe that the development of all these devices went way faster than the issues that come along with it, such as security. Obviously, the introduction to technology has been beneficial in this society, as it facilitates us in our daily lives. People did not consider their privacy or security as a priority, they were more concerned about their needs and how these could be fulfilled. Botnets are indeed a big problem. One year after Mirai, a new IoT bot is emerging. “IOTroop” is growing at faster pace than Mirai, and can potentially cause greater damage (Barth, 2017). This dark side of IoT should not get the opportunity to arise. Companies who manufacture IoT devices indeed need to start developing software or systems that makes the use of devices safe!
Reference:
Barth, B. (2017). One year after Mirai, a new IoT botnet threat emerges. [Online] SC Media. Available from: https://digitalstrategy.rsm.nl//2017/10/17/botnet-of-things/ [Accessed 20 Oct. 2017].
Hi Chen! Thanks for this interesting post. I believe that the development of all these devices went way faster than the issues that come along with it, such as security. Obviously, the introduction to technology has been beneficial in this society, as it facilitates us in our daily lives. People did not consider their privacy or security as a priority, they were more concerned about their needs and how these could be fulfilled. Botnets are indeed a big problem. One year after Mirai, a new IoT bot is emerging. “IOTroop” is growing at faster pace than Mirai, and can potentially cause greater damage (Barth, 2017). This dark side of IoT should not get the opportunity to arise. Companies who manufacture IoT devices indeed need to start developing software or systems that makes the use of devices safe!
Reference:
Barth, B. (2017). One year after Mirai, a new IoT botnet threat emerges. [Online] SC Media. Available from: https://digitalstrategy.rsm.nl//2017/10/17/botnet-of-things/ [Accessed 20 Oct. 2017].
The EU is taking steps to promote cybersecurity – on September 13th, the European Commission put forward a proposal for a certification framework that will attest that ICT-based products and services have been certified in accordance with specified cybersecurity requirements (European Commission, 2017). On August 1st, the Internet of Things Cybersecurity Improvement Act was introduced, requiring providers who sell connected devices to the U.S. government to implement measures (i.e. no known hard-, soft- and firmware vulnerabilities and trusted security updates) that would have prevented the Dyn-attack (Mimoso, 2017). However, this Act doesn’t directly help the end consumer. I agree with Luc’s comment, about people being more concerned with their own needs and not considering their security a high priority, until they’re directly confronted with it by personally being hacked. More awareness needs to be raised so people will actually start to care and campaign for more security regulations.
European Commission (2017, September 19). The EU cybersecurity certification framework. Retrieved October 22, 2017, from https://ec.europa.eu/digital-single-market/en/eu-cybersecurity-certification-framework
Mimoso, M. (2017, August 01). Legislation Proposed to Secure Connected IoT Devices. Retrieved October 22, 2017, from https://threatpost.com/legislation-proposed-to-secure-connected-iot-devices/127152/