Could Your IoT Device Bring the Internet Crashing Down?
Internet of Things (IoT) devices are excellent for adding functionality to our lives. Sadly, however, a kettle that you can boil on the way home from work can also add to a hacker’s repertoire.
Late in August 2016, the source code for the Mirai worm was dumped on the internet. That malware allows hackers to create a botnet from insecure IoT devices located in homes all over the world. The result is that hackers have a vast array of devices under their control, with which to launch Distributed Denial of Service (DDoS) attacks. DDoS attacks have increased in power, frequency, and effectiveness since the Mirai malware was leaked to the web.
IoT products often ship with weak default passwords such as Admin or 12345. These passwords are supposed to be updated when consumers buy the item. Sadly, this isn’t always the case. With smart home devices left with insecure passwords and default port settings – despite the best efforts of firms to educate people – IoT products are vulnerable to the Mirai malware.
In November, for example, news emerged that Loxone smart homes had been falling victim to hackers looking to extend the Mirai botnet. When I spoke to Loxone’s Managing Director, Philipp Schuster, he told me that the documentation that Loxone smart home devices ship with clearly informs people about the need to secure those products.
Specifically, Loxone user guides specify that consumers must update passwords and are recommended to use “a non-standard port, for instance, 7777 or even better one greater than 50000.” Sadly, the message just isn’t getting through to people, despite the firm going to great lengths to probe people’s devices and send out reminders.
This is just one example of people not securing their IoT devices. Incredibly, stats show that one in every six IoT devices has a security issue. According to Gartner, that means that in 2016 over one billion connected devices were insecure and could be harnessed by the Mirai worm for launching DDoS attacks. This is where it gets scary.
Following the Mirai malware’s appearance online, security experts noticed a sudden surge of DDoS attacks around the world. On 26 September it was reported that the French web host OVH was attacked at rates of between 1Tbps and 1.5Tbps. Those are massive attack rates that had never been experienced before.
Then, in October, the Domain Name System (DNS) provider Dyn was also DDoS attacked with the Mirai botnet. On that occasion, the websites of Twitter, Pinterest, GitHub, PayPal, Spotify, Amazon, Reddit, and Netflix were all brought down for a number of hours due to the attack on vital web infrastructure provider Dyn.
That is a concerning blow, and it has left security experts worried that 2017 could see much more widespread problems. If, for instance, Mirai was used to launch coordinated attacks on various DNS providers – and perhaps the Internet Corporation for Assigned Names and Numbers (ICANN) too – it is possible that we could see large-scale internet blackouts.
In the case of especially well-coordinated attacks, it is possible we could see internet blackouts of up to 24 hours at a time. This could hit firms hard and wreak havoc on the world’s financial markets. Consider, for example, the possibility of self-learning, AI-controlled attack interfaces working alongside the Mirai botnet to launch carefully timed and targeted attacks. Imagine it happening on Black Friday and you get the picture.
This might sound more like something out of the movie Terminator than reality. Sadly, that isn’t the case. Companies like BT Americas are working hard to create hacking tools based on human neural networks. Furthermore, the Defense Advanced Research Projects Agency (DARPA)’s Cyber Grand Challenge last year proved that automated and self-learning systems are effective at doing things quickly that it would take a human a long time to do.
Those particular efforts are known to us. The efforts of clandestine hacking groups and state-sponsored actors are not. As such, it is hard to tell what hackers have ‘out in the wild.’ It seems reasonable to assume, though, that the attack on Dyn was only the beginning and that we can expect to see much worse internet blackouts in the coming months and years – at ever increasing and alarming rates.
With more and more IoT products being purchased every day, the number of misconfigured devices available to hackers is only going to increase. Sadly, because the threat is removed from consumers directly – who don’t think DDoS attacks on the likes of Dyn affect them – it is hard to convince them to take responsibility.
Perhaps when we actually see a 24-hour blackout, and people lose access to their precious Facebook or Instagram, we will finally see them wake up to their position of responsibility within the world’s growing internet security nightmare.