Not the IOT devices!!
Roughly two weeks back, there was a massive internet outage. To go a little into details, a major part of the USA and a bit of Europe was not able to access a huge chunk of internet because Dyn, the company providing the DNS service was taken down by a massive DDoS attack.
This is the largest attack the world has ever seen. Bruce Schneier warned recently that someone is actively learning how to take down the internet. Source code of ‘Mirai’, the script used to launch the historically large 620 GBPS DDoS attack on krebsonsecurity.com is released online. Why would anyone release such a powerful thing for free? Kerbs says, some one is planning on spreading the DDoS disease and selling the cure.
Our world economy runs on internet, its a critical piece of infrastructure. Hackers carried out an attack of this scale by infecting thousands of insecure IOT devices left open on the internet. Using these compromised devices, they sent millions of requests per second to the servers till they melt. Now you don’t need a large network of computers to launch massive attacks. You can outsource it to these cheap, massive, omnipresent IOT devices.
I had a look at the source of “Mirai”, the script used in launching the attack. One of the interesting things I found is this.
“Mirai” is basically trying out a combination of few usernames and passwords. Once any of these combinations match, it can login to the device, infect and use that device as part of its “botnet” to launch the attack. It’s that simple. Now the scary part is, these devices are in millions ranging from your security cameras to DVRs. Out of these at least a few thousands will match the defaults.
So, we, the end users of these IOT products are more responsible for the mishap than we think. Our ignorance or laziness to do the basic things like changing the default username and the password is the major advantage for the hackers.
Right now we have only few devices online. We are bringing in more and more daily, ranging from bulbs to refrigerators and cars. We are wearing some and even ready to go a step further and implant a few. A simple google search will reveal so many of these. So, in future there gonna be more rouge devices coming up online without built-in security.
Users have to become vigilant. To start with there are a few things we can do to secure our collective digital lives…
Once a wise man said, “With Great power comes great responsibility”. We have to educate ourselves to control these so called powerful smart devices and use them wisely. Let’s take responsibility of our devices and their online presence.
Create your free account to unlock your custom reading experience.