Why care about the insecurity of IoT
If you haven’t heard by now, the internet was under attack thanks to insecure “internet of things” (IoT) devices. The weapon of choice was the Mirai botnet, which crippled well known sites like CNN, Netflix, Twitter, etc. to a grinding halt. But how exactly did insecure IoT devices help the largest to date cyberattack experienced in the Western hemisphere?
The source of the outage was a distributed distributed denial of service (DDoS) attack, which leveraged a network of IoT devices infected with special malware, known as a “botnet”. The botnet was orchestrated to bombard a server with traffic until it collapsed under the strain. The IoT devices included Xerox, Panasonic and Samsung printers, as well as an array of Chinese manufactured short circuit TVs, DVRs, etc.
Botnets are not new, unfortunately. But a botnet comprised of IoTs is what makes last week’s massive DDoS jaw dropping and terrifying. Why should you or anyone care, especially if technology is not in your wheelhouse? Think of finding out that your garage has served as shelter for a terrorist, who is part of a much larger cell, ready to take down half the country. The terrorist was able to get into your garage easily because you don’t secure it. Guess what? You’re one of the most vulnerable targets if the attack goes down.
Now, bring this back to the IoT framework. Many households are moving toward an connected, IoT world–from refrigerators, thermostats, security systems and security cameras. When everything goes smoothly, we forget how much rely on our IoT devices. It’s only when they’re compromised do we then realize that we may have a big problem.
The crux of the data security challenge that faces us all is that the Mirai botnet revealed how vulnerable we are because of insecure IoTs. The Mirai attack exploited 100,000 connected devices or “malicious endpoints,” which resulted in an epoch attack of 1.2 terabytes/second. Your DVR or short-circuit camera may have served as an unwitting accomplice in the now legendary DDoS attack.