According to some predictions, there will be as many as 34 billion devices globally connected to the internet by 2020. Of these, more than two-thirds are expected to be part of the Internet of Things (IOT).
The Internet of Things has many advantages, such as letting you control you home heating system from your phone, but it also comes with risks. The IoT was instrumental in the recent cyber attack on the US which brought down the internet across large sections of the country.
As the Internet of Things continues to grow and become a more fundamental part of our lives, it is absolutely vital that we understand the cyber security risks it can pose and take steps to mitigate those risks.
The recent attack on the US demonstrates one of the biggest security issues with IoT devices – their potential abuse in Distributed Denial of Service (DDoS) attacks. This type of cyber crime involves flooding a website or other online service with traffic from hundreds or even thousands of devices, stopping legitimate traffic from being able to access the service. Hackers achieve this by first taking control of other people’s devices with malware, creating a so-called “botnet” which they can then use to launch their attack.
Most traditional internet connected devices, such as laptops and smartphones, have strong protections against the kind of malware hackers use to create a botnet. However, many IoT devices have much more basic security. This makes them a tempting target for hackers wanting to launch a DDoS attack, which is exactly what happened with the US attack.
The currently unknown perpetrators of the attack used a piece of malware known as Mirai to comprise thousands of IoT devices, before using them to bring down services including Twitter, Amazon and Netflix. The hacker behind Mirai has since released the source code for the malware, meaning others can potentially replicate the DDoS attack against the USA.
Perhaps of more concern to most ordinary citizens will be the idea that devices in their home could be taken out of their control. Not only can this potentially allow hackers access to large amounts of data about people with compromised devices, it can also let them take control of your devices in really disturbing ways.
We all need to take steps to protect ourselves against compromised devices connected to the IoT. Fortunately, this mostly involves simple measures, such as changing passwords and turning off connected devices when they are not in use.
Impact on manufacturers
Following 16th October’s wide scale DDoS attack on the US, one Chinese manufacturer, XiongMai Technologies, was identified as being behind many of the devices used in the attack. As a result, the manufacturer has been forced to recall many of the affected devices, potentially costing them many thousands of dollars in lost revenue as well as causing serious damage to their reputation.
Manufacturers will have to take steps to protect their devices from these kind of cyber attacks (see below) or they could risk serious harm to their businesses and potentially even end up facing legal consequences.
Protecting the Internet of Things
Many IoT connected devices are compromised easily because their factory default settings use generic user names and passwords. This makes it simple for hackers to find out which login details are used for certain devices or cycle through the most common options to quickly gain access.
Anyone owning a device connected to the IoT should make sure to reset their username and password to something unique and difficult to guess. Manufacturers also need to play their part, however. Following their naming as one of the companies unwittingly involved in the DDoS attack against the US, XiongMai Technologies were quick to point out that their newer devices force users to change their login details when first activated. This kind of simple security measure can have a big impact, helping to protect both customers and manufacturers.
Suffering a DDoS attack can have a serious impact on any businesses ability to function, costing them time, money and potentially damaging their professional reputation. City Business Solutions provide specialist IT security to the legal sector, meaning we can protect the internet of things on your premises, offering complete peace of mind to you and your clients.
To find out more about how we can help keep your business secure, please get in touch.