The following article, by Jeff Finn, appears within the Featured News section of The Stack’s web site and was originally published on March 22, 2017.
For customers purchasing Internet of Things (IoT) devices – a group that either includes or will include just about every one of us soon enough – it’s easy to get excited about the idea of smart light bulbs, speakers, thermostats, power outlets, and a host of other convenient, connected hardware the market offers. The chief selling point of most IoT devices is their functionality and simplicity, enabling us to control or track everything in our lives with our voices or our phones.
Affordability is also a key driver of sales for many of these connected gadgets, which aim for widespread adoption. What isn’t a factor in most IoT device purchasing decisions is whether or not the device features effective security to safeguard against hacking. It’s an increasingly concerning consumer blind spot that is already having detrimental effects on the availability of the internet as we know it.
What we consumers don’t know is that millions of household IoT devices worldwide have already been taken over by hackers. That innocent smart light switch that’s so handy might in fact be, unbeknownst to its owner, moonlighting as a mercenary of a botnet army carrying out distributed denial of service (DDoS) attacks.
To prepare and execute these attacks, hackers take advantage of software that can search networks for unsecured and vulnerable IoT devices. They then introduce malware that allows them to access and control those devices at any time. In a DDoS attack, hackers will direct the bandwidth of thousands – or, in some cases, millions – of connected devices to overwhelm network infrastructure, effectively making it impossible to fulfill the internet requests of legitimate users.
Botnets made up of corrupted IoT devices have been all too successful at these attacks. Last year, the DNS provider Dyn was the target of an IoT botnet attack that affected as many as 10 million IP addresses, taking sites like Amazon, Twitter, and Spotify offline. A follow-up attack by the same botnet managed to interrupt internet access to the entire country of Liberia. But these attacks don’t always target a party unrelated to the devices: just a few weeks ago, Verizon reported that a university faced a botnet attack using thousands of its own IoT devices (and even campus vending machines) to interrupt its network and lock administrators out of systems.