Last week’s DDoS attack against Dyn Inc. had an impact on many organizations beyond the reported hits to PayPal, Twitter, Amazon, Spotify, and others. Even Cutter’s website search function was out of commission for a short while! Experts have warned that at some point, smart versions of devices such as refrigerators, televisions and thermostats could be manipulated to alter their basic functions, but did anyone foresee that these devices would be used to launch a third-party attack? This isn’t the first time it’s happened, and it’s not likely to be the last.
In the July 2016 Cutter article Securing the IoT: It Takes the Global Village, author David Tayouri discusses the threats Internet of Things (IoT) devices are exposed to, emphasizing personal, household, and everyday use devices, including examples of attacks or proven vulnerabilities. He writes:
If, a few years ago, someone had said that TVs and refrigerators could be compromised by hackers to send malicious emails, you would have laughed at them. But such an attack indeed happened on January 2014 — the first known cyberattack to use smart household appliances. This global attack campaign involved more than 750,000 malicious email communications coming from more than 100,000 everyday consumer gadgets such as home-networking routers, connected multimedia centers, TVs, and at least one refrigerator that had been compromised and used as a platform to launch attacks.
Tayouri observes that “these devices are very vulnerable to manipulation by hackers” and that cybercriminals have begun to commandeer components of the IoT and transform them into ‘thingbots’ to carry out the same type of malicious activity.” In addition to identifying the threats, Tayouri goes on to provide thoughtful suggestions as to what can be done to protect the IoT against them and elaborates on the reason the threats have not been effectively addressed up to now. He also proposes action on a number of fronts: legislation, regulation, and, importantly, consumer practices. He also enumerates seven actions that can be taken now to reduce the success of cyberattacks on smart devices. You can read a complimentary copy of the complete article Securing the IoT: It Takes the Global Village here.