You may be asking right now, “What the heck is the Internet of Things?” IoT, as it is also called, is what we call all of our gadgets that are internet-aware. These are gadgets that can talk to each other, and to us humans, across the internet. Things like smart TVs, refrigerators, those smart doorbells, surveillance video cameras, sensors, DVRs, some routers, and other devices. When we buy these devices, many of us take them home, or to the office, plug them in and they just work.
Right now, one of the largest attacks in history is taking place using Internet of Things devices. The IoT devices tend to be an easy attack point because most people don’t change the default passwords when they install them. We are anxious to use them and interact with them. The trouble is they are easy to interact with, and it was only a matter of time before someone figured out how to take them over and use them to create a large attacking network. And once under botnet control, they can be used to attack other things.
This attack is ongoing right now!
Who wants to think their newfangled refrigerator is under attack? Or that new smart TV that streams Netflix or Amazon or countless other things? These devices are simple. They are easy. Oh, did I mention they usually have default passwords and user accounts?
Never take a device home, plug it in, and assume it is secure.
The first thing you must do when setting up new devices is change the factory defaults. Everyone knows what they are. Writing about the latest attack, called Mirai, Brian Krebs of krebsonsecurity.com says, “The malware, dubbed ‘Mirai,’ spreads to vulnerable devices by continuously scanning the Internet for IoT systems protected by factory default usernames and passwords.”
Default usernames and passwords, folks. This botnet is responsible for one of the largest attacks ever seen, as also reported by krebsonsecurity.com. One person I know went home and changed the username and password to his home weather station equipment as a precaution.
What can you do? Immediately change the default logins of any internet-aware appliances, devices, or gear. It is also a good idea to begin changing your mindset about IoT devices. Not to scare you, but if a device touches the internet, it is usually a good idea to assume it can be reached by someone you don’t want interacting with it. At the very least, changing the default usernames and passwords will give some protection. It’s like locking the front door to your house: it’ll deter most people from entering.
I’d also consider using LastPass to help you manage all of those device passwords. Don’t write them down on paper. Regardless of which password manager you use at home or work, most of them have the ability to create “Secure Notes.” In these notes, store the passwords to your IoT devices.
And when shopping for that new refrigerator, think twice about getting one that sends information to your smartphone.
- Sourcecode for IoT botnet responsible for World’s largest DDoS Attack released Online
- The Internet of Things is Far Bigger than Anyone Realizes
This is a Security Bloggers Network syndicated blog post authored by Jeff Evenson. Read the original post at: Security Friction