A few weeks ago, on October 21, hackers launched a series of Distributed Denial of Service (DDoS) attacks that effectively crippled a large portion of the Internet. For several hours, many users were completely unable to access the Internet as a botnet flooded DNS servers with traffic.
So how did the hackers pull it off?
Rather than target PCs and smartphones, they set their sights on Internet-connected devices such as DVRs, webcams, and even smart refrigerators. These devices might not be powerful, but there are tons of them, and they are notoriously insecure. By targeting these unsecured nodes in the Internet of Things (IoT), hackers were able to bring the web to a screeching halt with a disturbing level of ease.
Now, the Broadband Internet Technical Advisory Group (BITAG) has released a list of recommendations that focus on making the IoT more secure. BITAG’s report identifies a number of common security flaws in IoT devices, and offers strategies for software developers and device manufacturers to improve IoT security.
The report noted that many IoT devices lack consistent software support, and are sometimes even shipped from the factory with software that’s already outdated. This can make them far more vulnerable to intruders than PCs and smartphones, which receive regular security patches. Accordingly, BITAG is urging manufacturers to provide consistent software support and release automatic security patches, as most users are unlikely to manually update devices on their own.
The report focused heavily on IoT network security as well. Many IoT device connections are unencrypted, and some don’t require user authentication of any kind. These glaring security flaws would be completely unacceptable in a desktop operating system, but they’ve become the norm among IoT device manufacturers.
Without robust encryption and software support, IoT devices will continue to be a serious liability to the welfare of the Internet. Fortunately, the attack on October 21 may have served as a wake-up call for device manufacturers and regulatory agencies that will force them to improve IoT security protocols in the future.