A little tech topic today, might be a little off topic, but as the internet of things grows it will continue to effect all of our lives. How we organize and secure our digital lives will become as important as our physical lives.
The largest and most damaging distributed denial of service (DDoS) attack took place on October 12, 2016, and one of the internet-connected devices you own may have been part of the incident.
The 10/12 DDoS attack will always be remembered because it managed to block access to social networks and other major websites across large parts of the United States. Reddit, Spotify and Twitter were among the websites by the attack, which directed massive amounts of internet traffic to Dyn, a major domain name system provider based in New Hampshire.
There is another reason why the 10/12 attack will be remembered: the perpetrators took advantage of the many vulnerabilities found within the Internet of Things (IoT), which consists of a large network of smart devices that communicate via the machine-to-machine (M2M).
The IoT is a Dangerous Place
In terms of active connections, the IoT already larger than the "human internet." Information security experts estimate that 50 billion devices will be connected by 2020; many of these devices include modern web cams, digital video recorders, baby monitors, smart home security systems, smart watches, wearable devices to track fitness, and others that establish persistent connections to the internet.
Security has always been lax on the IoT; this much was made clear by the 10/12 DDoS attack. Although there was initial speculation about cyber warfare being waged by Russia against the infrastructure of the U.S., the reality was that curious hackers took advantage of widely available malicious script to pull off the attack. The hackers simply took advantage of the myriad unsecured devices in the IoT to hijack them so that they would become part of malicious network called a botnet.
The botnet used in the 10/12 DDoS attack comprised hundreds of thousands of devices sending traffic requests to Dyn and other vital networks. Herein lies the danger of the IoT: most devices are either shipped with lax security, which means that they can be accessed without a password or else the default credentials set by the manufacturers are widely known but never reset by users.
How to Secure the IoT
Security is clearly an IoT issue that needs to addressed. In the wake of the 10/12 attack, experts have a few ideas in this regard, but there is no consensus.
One theory is that consumers will become aware of the need for IoT security and start to reject devices with flimsy security; however, this may be too much to wish for since users of devices with passwords set by the manufacturers fail to make the required changes.
Some of the solutions proposed by experts call for device manufacturers to install security measures such as physical tokens or biometrics such as fingerprint readers. Others have proposed public service announcements to teach consumers about the urgent need to change default username and passwords.
It may take a while before an IoT security standard can be set. In the meantime, it is in the best interest of device owners to change the default passwords on their internet connected devices for the purpose of preventing future situations such as the 10/12 DDoS attack.