“Bits n Bytes”
From net-connected sex toys to smart light bulbs you can control via your phone, there’s no doubt that the internet of things is here to stay.
More and more people are finding that the devices forming this network of smart stuff can make their lives easier.
But that convenience may come at a high cost – namely security.
Def Con, which sees 15,000 of the world’s top hackers gather in Las Vegas, was this year studded with talks about the security shortcomings of IoT (Internet of Things) gadgets. Holes, data leaks and bugs have been found in everything from CCTV cameras to solar panels, thermostats to door locks. One talk about the bugs in those sex toys revealed that these intimate gadgets are being perhaps too candid with data about the people enjoying them.
And there is starting to be evidence that cyber criminals are waking up to the potential for IoT devices to help them carry out attacks that revolve around bombarding websites with more data than they can handle – a Distributed Denial of Service attack (DDoS).
Home CCTV cameras, domestic routers and other smart devices have all been used for these kinds of attacks.
“Using these devices to DDoS a site makes a lot of sense,” said Raimund Genes, European technology head at Trend Micro.
Many cyber criminals who run networks of hijacked machines that can be used to DDoS a site are switching to IoT devices, he said, because they are easier to find, take over and manage than the networks of PCs that are more traditionally used for these types of attack.
While criminals might abuse in-home devices for attacks, they were unlikely to target individual devices in homes with a view to crashing them or locking them up with malware and demanding a fee to free them. At the moment they are making much more money from ransomware on Windows PCs,
Many large firms were now starting to put in place smart systems that manage heating and lighting in buildings, branch offices and factories. Companies could make big cost savings with such systems, giving them a powerful motive to install them.
As these IoT devices are built to work inside offices rather than homes they are typically controlled by more powerful chips. Unfortunately work suggests they share the same security failings as their smaller counterparts.
This might make them much more attractive to the types of cyber thieves keen to get at corporate networks.
And indeed, what was foreseen has indeed come true, as towards the end of October Hackers used internet-connected home devices, such as CCTV cameras and printers, to attack popular websites on Friday, closing down amongst others Twitter, Spotify, and Reddit were among the sites taken offline on Friday.
And this is just the beginning …..