How the Internet of Things is putting us at risk

Not-so-smart devices are causing problems

Picture: Tnarik Innael (Flickr).


It’s not new news. IoT devices are vulnerable to attack.

We have all heard the reports about baby monitors being hacked, smart cars being taken over and CCTV systems being compromised. But on Friday, 21st October 2016, an attack on smart ‘things’ made global news and should change the way manufacturers, employers and consumers think about the Internet of Things, and change things fast.

One of the largest and most powerful distributed denial of service (DDoS) attacks in recent history hit DNS provider Dyn and its customers, impacting major services like Twitter, Reddit and Spotify. Globally, the attack signified what might be the beginning of a new era of internet attacks conducted via "smart" things. Clearly they aren't as smart as we think if they can be so easily commandeered by random deviants on the internet to impact major services such as these.

So, we know how it happened. What’s next? How do we, as a community of concerned researchers, civil servants and internet users, protect our internet and prevent even greater damage from future attacks?

We predicted IoT device attacks would take off when criminals figured out how to monetise them - much like they have with their very lucrative ransomware scams - or align them to their goals. While we have not yet seen any direct financial gain with this widespread attack, it does show just how powerful vulnerabilities in IoT devices are, when in the wrong hands. Others have conducted DDoS as an extortion technique for years and this could be a very dangerous precedent for future attacks. Until now, IoT devices have been protected by a lack of attacker interest. Clearly, this has changed. With the release of this malware code and its use in these recent attacks, cybercriminals have smelled the blood in the water and the sharks are circling. We hadn't seen evidence of this yet, but historically, cybercriminals have used DDoS to distract security teams while conducting other attacks with bigger financial motives. It could also have been plain old political hacktivism, cyber vandalism or some other fraud.

Sophos experts have been studying and reverse engineering IoT devices for years now, revealing how vulnerable they are to compromise. Many have asked why CCTV/DVR cameras represent the majority of devices used in the Dyn attack. Other devices are exposed and vulnerable in the same way, so this attack shows only the tip of the iceberg of potential devices cyber criminals could leverage for attacks.

You might be asking: but what can we do? Well, there’s plenty we can do, and the steps to protection are simple. First, it’s critical that manufacturers take note of this and take action, with steps such as eliminating default passwords and ensuring devices can be remotely and automatically updated against security threats, to help prevent this type of event recurring.

And on a user level, it’s vital that owners of smart TVs, lights, thermostats, routers, baby monitors and other internet-connected devices keep the software on their devices up to date and immediately change the default passwords to something unique. Here’s a tip: you can write your new password down so you can remember it, just be sure to change it from the factory setting. For businesses, make sure employees are asking for permission from IT before connecting IoT devices to the work network. Otherwise they could be opening a window for attackers to see into the organization, steal data and perform illicit surveillance.

It’s OK, we know everyone loves to play with gadgets. But if you are going to play with the IoT, better to play safe than sorry.

Chester Wisniewski, principal research scientist from Sophos
