Your coffee pot, refrigerator, thermostat, and in-home security system are all connected to the internet. Or, if they're not now, they will be one day. Sadly, as the forgotten stepchildren of internet security, these Internet of Things devices are likely doomed to a future teeming with botnets and hackers. But that doesn't mean there isn't hope for the ever-expanding IoT universe -- even if it just so happens to be a thin one. While default passwords and poor update policies all contribute to vulnerable internet-connected devices, there are steps that both companies and consumers can take to make sure their security cameras don't end up crashing Twitter (or worse).
Chinese firm Hangzhou Xiongmai Technology is recalling webcams that were hijacked to stage a major cyber attack last week. The cyber siege took down a wide range of major websites including Twitter, Spotify and Reddit. The attack targeted internet service company Dyn, which controls the 'address book' of the internet for dozens of major companies. Security experts believe that 'Internet of Things' or IoT smart home devices were harnessed by hackers and used to bombard the websites with requests for information, overloading them and effectively shutting them down. DDoS attacks are a primitive form of hacking using botnets - networks of computers that hackers bring under their control.
With the advent of gadgets like doorbell cameras, smart kitchen appliances and data-logging sensors that track your sleep, the smart home now extends to even the most intimate areas of the household. It's great for general convenience, like knowing whether you left the heater on or locked the door behind you, but these connected devices also bring with them a host of security concerns. We asked Wendy Nather, director of advisory CISOs at Duo Security, for a reality check on what the real vulnerabilities in a smart home are. "The most prevalent threat is automated attacks that are trying to take over devices as they would personal computers, to assemble into a group that can be used for their own purposes," she said. These threats often include denial-of-service attacks, cryptocurrency mining and stealing user passwords.
On Monday, security researchers revealed the existence of several major security vulnerabilities that could be exploited to steal sensitive information shared by users connected to a wireless network. The exploits--known as Key Reinstallation Attacks or KRACK--affect Wi-Fi Protected Access 2 (WPA2), a protocol that is the current industry standard for encryption that is used to secure traffic on Wi-Fi networks. KRACK attacks, which take advantage of a fundamental flaw in the way devices and access points communicate and handle encrypted data, put essentially every Wi-Fi enabled device at risk--though the internet-connected devices that make up the Internet of Things are of particular concern. While many vendors have already quickly moved to offer up a fix for the vulnerabilities--Microsoft has already issued a patch, Apple addressed the issue in earlier versions of its mobile operating system and Google is already concocting its fix for Android--IoT devices are notoriously slow when it comes to addressing security problems. "There might be a lot of [Internet of Things] devices that might not receive a patch in the near future," Candid Wueest, a threat researcher at security firm Symantec, told International Business Times.
This year delivered a chilling warning as we witnessed distributed denial of service (DDoS) attacks on a scale that few thought possible. These attacks - where massive volumes of data are thrown at online systems so they can no longer deal with legitimate requests - underwent a step change this year as attackers learned to harness vulnerable devices that constitute parts of the so-called internet of things (IoT). One nightmare vision for the future is an internet plagued with DDoS attacks based on IoT devices, including some sitting under your Christmas tree this year. Perhaps what we now need is the modern-day equivalent of Dickens's Ghost of Christmas Yet to Come to scare device-makers and the public into changing their ways before it's too late. The IoT holds great promise.