The Scary Side of The Internet of Things
The IOT Gets Scary
You may have heard some buzz about the Internet of Things or IOT. This is the idea that our appliances should all get smarter and be connected to the internet. While there are useful things (smart TVs with built in Internet browsers), and things that sound like they would be handy (a DVR that can download and search the TV listings to find your favorite programs), there are also things that seem a little creepy. (Do you REALLY want your refrigerator to keep up with what you eat and drink?)
Besides all that, the technical press has been discussing the truly scary side of IOT devices for a while now. That is, they are internet connected computers with little or no security, and almost no way to correct flaws. There’s now been a major example of this issue. If you had a hard time reaching Paypal, Amazon, Twitter, Netflix, or other popular Internet services on October 21th, you may have been a victim. An underlying service provider named Dyn was attacked with a massive distributed denial of service attack (DDOS). This made it difficult for many users to reach several of the internet’s top properties.
According to Flashpoint, the attack used a hacker technology called a Mirai BotNet. A BotNet is a collection of hacked computers that can be utilized as weapons or soldiers in attacking a system. What makes Mirai different is that it is designed to hack and control IOT devices. Previously seen in an attack on KrebsOnSecurity, the source code for the Mirai system has now been released, and almost anyone could build their own IOT BotNet.
After action reports indicate this may have been the case in the recent outbreak. Industry experts are of the opinion that this attack was conducted by one or more low level hackers, perhaps trying to experiment with the toolkit, or just show off for their friends.
So just remember the next time you look at your “smart” toaster. It may be a battle hardened robot warrior in disguise.