Is your home IoT device being used to attack an innocent web user?
Your home security or Internet of Things device could be harbouring a dark secret.
On the 13th March this year I published a blog about the safety of the Internet of Things entitled “Just how safe is the Internet of Things – the Internet of Things that keep you up at night”. Over the months since there has been a huge growth in DDoS attacks on a massive scale launched from unsuspecting third party networks. The scale of the problem is due to the massive growth in Internet of Things, IP enabled, home automation devices and other devices. Devices that are supposed to make our lives easier. But, at what cost? Some lack even the most basic security controls and have become an easy target for cyber criminals. Home security systems – IP CCTV cameras are a particular target. I read an interesting article on the BBC web site yesterday – “Fears of massive net attacks as code shared online”. The upshot is, this problem is going to get much worse before it gets better.
Many of these IP CCTV cameras and early Internet of Things home automation sensors and control devices are very poorly secured and are prime target for hackers and DDoS attackers. These poorly secured devices are enabling DDoS on such a grand and covert scale that cyber criminals are cashing in providing ‘DDoS as a Service’. I heard recently at an Internet security conference that some cyber criminals have even have even gone as far as to set up contact centres so third parties can talk to an agent and discuss their DDoS requirements and organise attacks on their enemies or competitors web sites.
The main theme of my March 13th blog was the scenario of masses of IoT domestic appliances and heating controls being switched and turned on to full power to bring down the national power network. I closed my March 13 blog with a Gartner two predictions: a $5B black market in fake Internet of Things ‘things’ will exist by 2020, and in the same year Internet of Things compromises will account for 20% of annual security budgets. I fear it is going to much worse than this if the IoT industry doesn’t address the situation very soon. The BBC article of 3 October goes some way to demonstrate just how widespread this problem has become and we are only just seeing the tip of the IoT security breach ice berg.