Smart TVs, refrigerators, and wireless speakers all played a role in the first global Internet-of-Things cyber attack, discovered by security researchers last week. According to these researchers, more than 100,000 Internet-connected “smart” home appliances were manipulated to create a malicious network that spammed unsuspecting victims with 750,000 phishing emails for a period of about 2 weeks. The “ThingBot,” as it’s been dubbed, serves as an eye-opening reminder to the rising security threats in our ever-growing digital world.
I have written before about the growing “Internet-of-Things” (IoT) phenomenon—the idea that our everyday devices are becoming increasingly connected to the Web in an attempt to add convenience and ease to daily activities. We see it with wearable technology (such as FitBit and Google Glass), “smart” TVs and thermostats, computerized cars, and more. This trend is new and growing, and the security implications are huge.
The emergence of the IoT botnet (a system of hacked machines controlled by cybercriminals) demonstrates the ease with which hackers have been able to commandeer Internet-connected “smart” devices. Whereas many people protect their PCs with security software—and the manufacturers do their part as well—these newly connected appliances and wearables do not have strong security parameters in place. What’s worse? The majority of consumers wouldn’t know how to detect or fix infections on these devices if and when they became compromised.
This lack of security is what enabled hackers to infect more than 100,000 home devices in a global attack, manipulating these devices to send out attack messages of their own.
What does this mean for users?
If cybercriminals continue to exploit the inherently insecure Internet-of-Things, consumers can expect to see an increase in phishing attacks like this one. Hackers have found a platform outside of traditional computers through which to exploit your data and devices. By creating a network that consists of unprotected home devices and appliances, cybercriminals will be able to make larger, more difficult to detect botnets to do their bidding.
As the number of connected or “smart” devices is expected to grow to more than four times the number of connected computers in the next few years (reaching 200 billion IoT devices by 2020), steps need to be taken both by manufacturers and individuals to keep them secure.
- When possible, protect your devices with a password. It may sound obvious, but it’s important to continue to use basic security tools such as passwords on your IoT devices. It also helps to frequently update your passwords and use two-step verification on devices that allow you to do so.
- Update your software. Smart TVs, gaming consoles, and other Internet-connected home devices are fresh to the market, and because of that, many companies are still working out security kinks. When an update is offered, run it. The new version may include patches to close up recently discovered security holes.
- On IoT devices that allow it, browse with caution. Smart devices aren’t immune to viruses, malware, and botnets. When using Internet-connected gaming consoles and televisions, browse the web with caution—don’t click on links from unknown senders, and ignore any attempt to lure you with the promise of a deal that seems “too good to be true.”
- Do your research. Prior to purchasing a new smart device, be sure to investigate the company security policy and ease with which the product can be updated. If you have any doubts about the security of the device, consider contacting the manufacturer for additional clarification.
- Protect your mobile devices. Smart devices are often controlled by our mobile phones and tablets, so protecting these controllers will help ensure that your smart devices won’t get compromised. McAfee LiveSafe™ service provides comprehensive mobile security that offers real-time protection against mobile viruses, spam, and more.