On Friday, October 21, 2016, millions of ‘smart’ home devices designed to connect to cloud services on the Internet began generating traffic intended to shut down many popular websites, such as eBay, Amazon and Twitter.
This attack is known as a Distributed Denial of Service (DDoS) and it targeted a company called Dyn, who provides major infrastructure for large, popular websites. This “Internet of Things” based attack use recently released hacker software, called Mirai, to find and take over these devices–converting them into a botnet. This Mirai malware targets “smart” devices connected to the Internet, like security cameras, baby monitors, DVR’s, refrigerators…you get the idea. The main design point for these IoT Devices has been to make it easy for anyone to pull it out of the box, plug it in and be connected.
Because of their nature, IoT ‘smart home’ devices are often very insecure, and are rarely, if ever, updated with security patches.
Mirai turns these insecure Internet “things” into remote controllable fire hoses, which can direct Internet traffic at a common target, overwhelming it in a “distributed denial of service” attack (DDoS). It looks like this attack may have involved up to TEN MILLION such devices, being controlled as a single cohesive network of zombies, to attack a critical part of the Internet infrastructure.
Our experts, along with the rest of the security community has been screaming warnings for a few years now about the IoT creating a looming insecure hole that could disrupt our daily lives. It’s no surprise that these devices can and would be leveraged for this exact purpose.
This is just the beginning. Someone flexing their muscles. Many of those same devices won’t be updated or patched, much less made more secure. It would be a massive effort to update and secure hundreds of millions of devices which the owners essentially have zero control over.
What can you do? Here’s one site that provides a tool you can run from your home or business to harden, or secure, your smart devices: Bullguard IoT Security Scanner