Internet of Things - taking over our brains AND our computers

One of the great promises of modern life is the Internet of Things - you know, where all those little gadgets and thingy-dos in your world are connected to the internet, and we can control them and talk to them and interact from everywhere. This is a really slick bunch of stuff and a lot of it is intriguing, and remarkably cheap, all things considered.

One of the prices we're all paying for the cheapness is an appalling lack of security. More and more we not only have to worry about computer security on our computers, but on all those devices around the house.  The worst thing is that we all know we need to upgrade our computers, and have security software, blah-blah-blah.  But nobody seemingly gives a lot of thought to the security of the network equipment in our houses, or your internet-connected thermostat, Alexa box, refrigerator, or streaming video box.

Turns out this is becoming a huge problem. Many of our home internet network devices are designed to be cheap, and easy to set up, but not necessarily secure. Worse, although the manufacturer of your cute little wireless router may provide security updates for it, let's face it, hardly anyone pays attention to that and upgrades that firmware on a regular basis - do you? This is a particularly vulnerable part of our network infrastructure.  And all of those new internet connected devices are a problem too.

Recently the Krebs on Security web site was taken down by a huge denial of service attack on the site. This is a web site run by a renowned security researcher. And it was behind one of the most powerful CDN systems (Akamai) which was intended to protect the site from DDOS attacks.  But down it went, receiving attacks from all over the world in a volume that has not really been seen before. Since Akamai had been providing the service to Krebs for free, they made a business decision that they simply could not protect a free customer from an attack of this magnitude, so they let the site die. And it was all launched not from hijacked computers, but by other internet devices, all of which were under the control of a huge botnet. This becomes more of a problem now that so many of us have the luxury of high-speed connections to the internet. With such powerful connections, even a lowly gadget in your house can become part of a network and cause havoc with web sites and other parts of the internet. 

The good news is that Google rode in and offerred to protect Krebs, so the site is now back up - but the cost of protection from this level of attack is very high, and is not available to everyone. 

Today, the source code for the botnet involved was released - so it seems likely we are going to be seeing many more of these sorts of DDOS attacks against web sites in the near future. Additionally there are other competitor botnets of IOT devices that are even bigger and promise to deliver crippling attacks on sites for a reasonable price. Sadly the cost of launching one of these attacks is much lower than the cost of defending against it.

This is all a fairly new development, and frankly the world is not ready to defend against it. So - next time one of your favorite web sites disappears, expect that the fault may not be the site itself, but is more likely routers, fitbits, thermostats, and refrigerators, all launching an attack at once.  

This is not good. 

Community

Community

Wiscommunity Section

Wiscommunity Section
Tech News