Unsecured IoT Devices Behind Last Week’s DDoS Attack, More Likely to Come


A hyper-connected world offers a lot of benefits, but it also comes with a lot of risk. President Obama has said it himself. Just this past week on Jimmy Kimmel Live, he wondered aloud, “How do we continue to get all the benefits of being in cyberspace, but protect our finances, protect our privacy? What is true is that we are all connected. We’re all wired now.” And he’s right. We are all wired these days, mostly due to the Internet of Things (IoT), an ever-growing network of physical objects that have network connectivity, allowing them to send and receive data. IoT devices range from webcams to DVRs, and the market for them is booming. Unfortunately, with this boom comes a matching boom in IoT-specific attacks, the most recent of which occurred across the entire East Coast.

This massive attack saw thousands of IoT devices conscripted into a botnet by a malware variant called Mirai. Cybercriminals used this army of infected IoT devices to launch one of the largest DDoS (Distributed Denial of Service) attacks in recent history. Their target was a DNS provider called Dyn, and the attack temporarily knocked major sites such as Twitter, GitHub, and Etsy offline.

These crooks used IoT devices for a reason – they’re user-friendly, accessible, and don’t always have stringent security standards. This makes them easily manipulated by attackers.

So how exactly were the crooks able to pull off this attack? Two words: default passwords.

The majority of IoT devices are shipped out to users with default passwords already set by factory manufacturers. Though the intention is to make setup easier, or access more streamlined, these default passwords are an open invitation for hacks. Default passwords and usernames are relatively easy for hackers to guess and crack. In some cases, they can pull up lists of defaults with a simple internet search. In addition, automatic updates aren’t always a feature for IoT devices, which makes it more difficult for security patches to be applied when flaws are discovered.

In summary, IoT devices are, in cases like these, sitting ducks. But one great thing came out of this DDoS attack: it got people’s attention. Important people’s attention. IT professionals and government officials alike are now recognizing the security issues demanding resolution across connected devices. The conclusion: IoT devices need to be held to higher security standards, and action is increasingly being taken. 

As smart devices continue to hit the shelves at break-neck speed, security standards for connected gadgets are no longer just a concern, they’re a necessity. Manufacturers of IoT products must take additional security measures before devices hit the retail floor, and users must do their own part to ensure their security with the connected gadgets they buy.

As IoT security continues to progress, here are a few tips to keep in mind if you use connected devices:

  1. Change your default passwords. I’ve said it before, but it bears repeating: reset the default password on your connected device the moment you bring it home. Make sure your password is long, strong, and unique. And if you’re someone who has trouble remembering multiple passwords (I’m sure you have more than one device you’re password-protecting), turn to a password management solution.   
  2. Keep security top of mind when buying an IoT device. When you’re thinking of making your next IoT gadget purchase, make sure to do your research first. Start by looking up the security standards of the device in question. A simple Google search on the product, as well as the manufacturer, will often do the trick.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

 gary
