How the Internet of Things is putting us at risk

Not-so-smart devices are causing problems

Picture: Tnarik Innael (Flickr).

It’s not new news. IoT devices are vulnerable to attack.

We have all heard the reports about baby monitors being hacked, smart cars being taken over and CCTV systems being compromised. But on Friday, 21st October 2016, an attack on smart ‘things’ made global news and should change the way manufacturers, employers and consumers think about the Internet of Things, and change things fast.

One of the largest and most powerful distributed denial of service (DDoS) attacks in recent history hit DNS provider Dyn and its customers, impacting major services like Twitter, Reddit and Spotify. Globally, the attack might signify the beginning of a new era of internet attacks conducted via "smart" things. Clearly they aren't as smart as we think if they can be so easily commandeered by random deviants on the internet to impact major services such as these.

So, we know how it happened. What’s next? How do we, as a community of concerned researchers, civil servants and internet users, protect our internet and prevent even greater damage from future attacks?

We predicted IoT device attacks would take off when criminals figured out how to monetise them - much like they have with their very lucrative ransomware scams - or align them to their goals. While we have not yet seen any direct financial gain with this widespread attack, it does show just how powerful vulnerabilities in IoT devices are when in the wrong hands. Others have conducted DDoS as an extortion technique for years and this could be a very dangerous precedent for future attacks. Until now, IoT devices have been protected by a lack of attacker interest. Clearly, this has changed. With the release of this malware code and its use in these recent attacks, cybercriminals have smelled the blood in the water and the sharks are circling. We haven't seen evidence of this yet, but historically, cybercriminals have used DDoS to distract security teams while conducting other attacks with bigger financial motives. It could also have been plain old political hacktivism, cyber vandalism or some other fraud.

Sophos experts have been studying and reverse engineering IoT devices for years now, revealing how vulnerable they are to compromise. Many have asked why CCTV/DVR cameras represent the majority of devices used in the Dyn attack. Other devices are exposed and vulnerable in the same way, so this attack shows only the tip of the iceberg of potential devices cyber criminals could leverage for attacks.

You might be asking, but what can we do? Well, there’s plenty we can do, and the steps to protection are simple. First, it’s critical that manufacturers take note of this and take action, with steps such as eliminating default passwords and ensuring devices can be remotely and automatically updated against security threats, to help prevent this type of event recurring.

And on a user level, it’s vital that owners of smart TVs, lights, thermostats, routers, baby monitors and other internet connected devices keep the software on their devices up to date and immediately change the default passwords to something unique. Here’s a tip – you can write your new password down so you can remember it, just be sure to change it from the factory setting. For businesses, make sure employees are asking for permission from IT before connecting IoT devices to the work network. Otherwise they could be opening a window for attackers to see into the organization, steal data and perform illicit surveillance.

It’s ok, we know everyone loves to play with gadgets. But if you are going to play with the IoT, better to play safe than be sorry.

Chester Wisniewski, principal research scientist from Sophos
