Security News & Best Practices

Get the scoop on the latest security threats and how to protect yourself

Internet of Zombies: How the IoT trend might lead to botnets

The internet has now become so versatile that companies have begun to get creative with how they use it. Enter the Internet of Things, a trend that involves giving everyday items the ability to connect to the internet. Everything from refrigerators to thermostats are now part of the IoT. While this trend certainly has its benefits, it's still struggling with security. 

Certain hackers have even begun to figure out how to use these devices in order to create botnets, or collections of connected gadgets that can be used to attack a target. So, what does the average consumer need to know about IoT security, and how can they avoid becoming part of a botnet?

Lizard Squad attack was huge

"The most likely attack vector here is default passwords."

To understand this problem, you must first be introduced to what a motivated cyber criminal can do. The most recent of these would be the LizardStresser botnet attack that was levied against institutions in Brazil and the U.S. This particular incident was a distributed denial of service attack, which is basically where a hacker uses all of the machines under his control to send massive amounts of data to his victim's servers. These computers simply aren't able to handle the onslaught and often crash as a result. 

However, this aggressive move was unique. Aside from the fact that it utilized IoT devices rather than conventional computers, it was also found to be a 400 gigabits per second attack, according to ComputerWeekly's Warwick Ashford. To put that into context, Oliver Cragg of the International Business Times reported on a 470Gbps attack that has been considered by many to be the largest on record to date. 

While the LizardStresser incident is certainly terrifying in scale, the reason this is relevant to you is how the hackers ended up gaining control over these IoT devices. The most likely attack vector here is the default passwords that these gadgets often come with. When a manufacturer makes a connected machine, they also have to test it to ensure it works. This means that they need administrative privileges, so they'll often program in default passwords.

The issue with this is that people very often don't change these passwords when they bring the device home. This means that a hacker can often find these login credentials online, or even use a computer to guess common phrases until they have access. Due to the IoT's relatively new notoriety, coupled with the fact that people often don't understand the need for securing devices that aren't traditional computers, cyber criminals can compromise a large swath of devices without much effort. 

Hackers are looking to compromise your IoT gadgets. Hackers can compromise IoT devices to leverage DDoS attacks.

More IoT devices = more targets

Computer science in general is all about taking the path of least resistance, and hacking is no exception. So, it makes sense that cyber criminals would target an attack vector that is not only unsecured but also extremely numerous. This last point is going to majorly affect the IoT's security in the years to come, as industry experts agree that this trend is only going to get larger. 

Exactly how many gadgets will be under the IoT banner in the future is a topic of hot debate, but it's reasonable to assume this number is certainly going to increase quite a bit. Gartner has predicted there to be more than 20 billion IoT devices up and running by 2020. That's a huge amount of machines to play with. If only a fraction of those are left unguarded or protected by default passwords then a hacker could recruit as large of a botnet as he desired. 

Users need to know the risks

The IoT is an incredible advancement, and just because there are some issues here doesn't mean you should avoid the trend altogether. There's clearly a major danger here that the industry itself needs to address, but at the end of the day, people need to take responsibility for the security of their own devices. 

The best way that you can protect yourself is to change the default password on any gadget that you purchase. Hackers are relying on you either forgetting about doing this or simply not caring, and they will exploit this for personal gain.