The increasing number of internet-enabled devices has created a new platform for distributed denial of service attacks.
DDoS hackers revealed the unprecedented level of risk posed by insecure, internet-enabled devices by exploiting the internet of things (IoT) to conduct a distributed denial of service (DDoS) attack in October, 2016.1 DDoS hackers exploited millions of small, insecure internet of things (IoT) devices to conduct a distributed denial of service (DDoS) attack in October, 2016. It’s no secret that computers and cellphones are vulnerable to malicious actors. Whether through phishing, malware, trojan horses, or DDoS, hackers are constantly testing the state of cyber security for vulnerabilities they can exploit for political, financial, or recreational purposes. While security precautions are becoming more common for mobile devices and computers, those measures have not kept pace with the massive influx of IoT devices. As a result, this security gap remains largely unrecognized. IoT refers to any device which is can connect to the internet and which can be controlled or monitored remotely.2 Their variety is staggering, ranging from baby monitors to speakers, webcams, smartwatches — the list is almost endless.3 Between 2012 and 2014, the number of IoT devices worldwide skyrocketed by 70% to 6.4 billion.4 By 2020, this number is expected to exceed 50 billion, generating revenues in excess of $8 trillion worldwide.5 The IoT is a two-edged sword. While it enables users to start their cars from the office or check on an infant while out to dinner, it also has opened almost limitless possibilities for would-be hackers.
IoT devices enable DDoS attacks. In October 2016, unidentified attackers, using the malicious software Mirai, harnessed a botnet of an estimated 2 million devices to perform a DDoS attack on Dyn – an internet performance management company. This attack overwhelmed server capabilities, downing websites such as Twitter, Reddit, and Spotify.6 At roughly the same time, attackers used the same technique to down the website of journalist Brian Krebs.7 More advanced types of attacks would be difficult, due to the limited software capabilities of most IoT devices. However, as their utility increases and diversifies, so too will the types of vulnerabilities they create.
IoT devices are particularly suited to DDoS attacks because of their sheer numbers and inadequate security. DDoS attacks rely on pinging the target server from thousands, even millions, of compromised devices. The rapidly increasing number of IoT devices continues to make DDoS attacks, even on large companies and governments, more effective. Even more concerning to corporations, governments, and ordinary people are the weak security systems on which these devices rely. Most IoT users don’t view their devices as a potential tool for hackers, which means they often do not bother to change the device’s password from the default factory settings. Additionally, security is not even on the radar of many manufacturers. As a result, millions of IoT devices like doorbell cams and ovens lack basic encryption and the ability to install security updates.8
As the array of threats to the cyber world steadily expands, developers, manufacturers, and governments need to adapt to combat them. New risks also mean a new market, and one that promises to be lucrative. Software developers should focus more on security measures for IoT devices. Manufacturers should intentionally work with developers to develop systems designed specifically for the capabilities of the devices they are producing. Eventually it may be necessary for the US federal government to develop baseline regulations for the security of certain devices. Fundamentally, awareness needs to improve. Customers, producers, and the websites and service providers coming under attack need to know more about this threat so they can better respond to it.■
- 1. “Can we secure the internet of things in time to prevent another cyber-attack?” The Guardian. October 2016.
https://www.theguardian.com/technology/2016/oct/25/ddos-cyber-attack-dyn-internet-of-things
- 2. “What is the Internet of Things (IoT)?” Business Insider. December 19, 2016.
http://www.businessinsider.com/what-is-the-internet-of-things-definition-2016-8
- 3. “NSTAC Report to the President on the Internet of Things.” THE PRESIDENT’S NATIONAL SECURITY TELECOMMUNICATIONS ADVISORY COMMITTEE. 2014.
https://www.dhs.gov/sites/default/files/publications/IoT%20Final%20Draft%20Report%2011-2014.pdf
- 4. “Stepping Up Security for an Internet-of-Things World.” The New York Times. October 16, 2016.
https://www.nytimes.com/2016/10/17/technology/security-internet.html
- 5. The New York Times.
- 7. “How Your Internet-Enabled Device Could Be Hijacked to Launch Cyber-Attacks.” ABC News. October 24, 2016.
http://abcnews.go.com/Technology/internet-enabled-device-hijacked-launch-cyber-attacks/story?id=43020121
- 8. “The Internet of Things is being used to launch massive cyberattacks.” Business Insider. October 24, 2016.
http://www.businessinsider.com/internet-of-things-cyberattacks-2016-10
Image Credit:
Good Free Photos | https://www.goodfreephotos.com/albums/business-and-technology/cellphone-selfie-of-railroad-and-sky.jpg
Spring 2017
Volume 20, Issue 1
10 March