The Internet of Things connects us and our devices in amazing ways. But it can also wreak havoc on our world.
If you’d never heard of the Internet of Things (IoT), you likely know it now. On Friday, October 21, a massive Distributed Denial of Service attack pummeled popular sites like Google, Twitter, PayPal, the New York Times, and Spotify—crippling them for hours and frustrating millions of users.
The strike targeted the servers at a DNS-services company called Dyn, which in turn, disrupted huge swaths of the Internet. Companies that depended on Dyn to keep their sites running (like those listed above) were virtually inaccessible during the fiasco.
Most unusual—and unsettling—was that, instead of exploiting computers, crooks co-opted tens of millions of Internet-connected things in homes in 164 countries.
They infected many with the malicious Mirai botnet, which scours the web for insecure devices that are (barely) protected with manufacturer-provided or easy-to-guess usernames and passwords.
The malware invaded closed-circuit TV cameras, DVRs, printers, routers, and other IoT devices. Digital video recorders were the main culprits.
Once poisoned, the devices spewed so much junk traffic at Dyn, its servers caved under the pressure—and legitimate visitors couldn’t access the affected websites.
Envision tens of millions of data packets bombarding a database, and you’ll get a sense of the size and complexity of this cyber attack.
Hacking IoT devices is often so simple, it takes just a minute or two. But the consequences are far-reaching and potentially dire.
What is the Internet of Things?
One of the first IoT devices, the ATM, dates back to 1974. Now the Internet of Things is made up of all the Internet-connected devices in our homes and offices that collect and exchange information.
IoT in Our Personal Lives
Baby monitors, automated lighting, smart fridges and other kitchen appliances, smart watches and fitness bands, smart TVs, music systems, cellphones, washing machines, cars, webcams, routers
IoT in Business
Jet engines, factory equipment, climate-control systems
IoT in Health
Heart monitors, pacemakers, insulin pumps, smart pills, connected monitoring patches
IoT in Cities and Towns
Traffic signals, digital sensors in roadways
What Are the Security and Privacy Risks?
The Internet of Things allows us incredible convenience, efficiency, and power. It can improve our health-care system, food production, transportation, and energy consumption.
But the risks are real. IoT devices collect personal data that’s shared with other devices and stored in companies’ databases.
On the heels of October’s Mirai assault, cybercriminals will continue to have a field day with our increasingly Internet-connected world. And since the source code for the Mirai botnet has been released to the public, we can expect more attacks.
How to Prevent IoT Attacks
While manufacturers focus on improving the security of these devices, consumers must be super vigilant, too.
Here are four things you can do:
1. Most important: Change your password!
Never keep the manufacturers’ default settings or use lame passwords like 1111. Mirai scans the Internet for weak login credentials, which is how it ensnared millions of devices in October.
Make your passwords long, strong, and tough to crack. And don’t use one password across all devices. For tips, check out our blog post, “Why You Need Strong Passwords & How to Create Them.”
2. Update your device regularly.
Install automatic updates or check frequently with the manufacturer for firmware updates and device patches to ensure you’re running the latest, most secure version.
Restarting your devices can wipe away malicious code. But it’s not foolproof, as new scans can reinstall the malware. Protect yourself by implementing points 1 and 2.
4. Spread the word.
Encourage students and staff to work in a cyber-safe environment at home and at school. Share this info with them—and with parents.
What experiences and/or tips can you share? Let us know in the comments section.