Internet of Things (IoT) is said to be the future of technology where everything will be seamlessly connected to each other and coherently complement each device in order to increase productivity and remote management.
IoT definitely seems like a concept brought to life like in those sci-fi movies and novels we’ve seen. Unfortunately, there’s a dark side to this which has been almost neglected so far.
Imagine This Nightmare Scenario
As more devices become connected, they become more of a security risk. If there’s anything that modern technology has taught us, its that nothing is secure and anything can be hacked, even if you ignore tech giants and government agencies snooping on you via your gadgets.
Malware targeting IoT devices exist. In fact, they’ve come of age even before the IoT boom started. We are yet to see futuristic connected home equipment becoming normal and yet the world is already alarmed by the destructive prowess IoT brings to the table. Hackers can take control of your home, and that’s just the start.
Why IoT Devices Are So Vulnerable?
IoT attacks have been predicted since before IoT was a thing. There was loads of speculation regarding the hijacking of home automation devices and security devices. What good is a security device if it can’t even keep itself secure. Surely, future attackers would find easier ways to hack into these devices and do anything they want.
Poor security on many of the IoT devices makes them a soft target in this hack-and-enslave game. Victims do not even know they are infected. On the other hand, attackers are well aware of the lax security protocols in IoT devices and all they have to do is program malware to control those devices via the standard passwords.
However, for the time being the attacks seem to have taken another direction. Present hackers seem to be less interested in the victims and more in hijacking a device to include it in the botnet.
What is botnet?
When a device is infected and the attacker has complete control over it, the device is known as the attackers bot (more like zombie nodes). When the attacker creates a network of these bots, connecting them for an ulterior motive, it is called a botnet.
How Are These Botnets Used?
Hackers have found that botnets are a far better way of carrying out Distributed Denial-Of-Service (DDoS) attacks. DDoS is a type of attack where multiple compromised systems (usually infected with a Trojan) are used to target a single system choking its bandwidth connection requests. The targeted system, which is not designed to handle such traffic, succumbs to such attacks and crashes.
Using the IoT devices as their puppets, attackers have been creating more powerful and more sophisticated DDoS attacks. The world wasn’t even ready to manage the old level of attacks, but these IoT botnet powered attacks are on a completely different level.
IoT Powered DDoS Attacks
Most DDoS attacks are under 20Gbps when using the normal technique of controlling infected computers. However, ever since the IoT devices have entered the market, these attacks have been far more powerful. About a year ago, the world witnessed the most powerful DDoS attack with a bandwidth of 400Gbps, astoundingly greater than a standard attack.
Fast forward to a few months ago and we witnessed a 600Gbps attack. Taking down all BBC websites, It remained the largest DDoS attack in internet history. Well up until last week at least.
KrebsOnSecurity was attacked with a 620Gbps DDoS. Guess what was powering all these attacks. Yes these were IoT devices owned by innocent individuals. Attackers used routers, security cameras and other similar IoT gadgets to put the hurt on.
A few days passed and now we are hearing of a French Web Host being pounced on by a staggering 1.1Tbps DDoS attack. Nearly 150,000 IoT cameras and other such devices were used and it is believed that the attack volume went as high as 1.5Tbps. That beats the previous record by a massive 150% and that’s in less than a week.
What This Means for IoT Gadgets?
All IoT devices can connect to the internet, even the coffee makers and refrigerators. They have the power to do so but their operating systems usually limits this. Power and processing limitations on these devices usually mean they don’t come with advanced security features nor are they updated as other regularly used smart devices like smartphones. This makes these devices very vulnerable to hacks.
DDoS attacks are a menace which can’t even be handled by the likes of, as we saw last year, Sony and Microsoft. With even more powerful attacks inbound, the internet needs to prepare itself for the worst very quickly.
Highest number of IoT attacks, nearly 60 percent, originate from China and the US alone. These two are also the countries with most number of IoT device users. If manufacturers want to produce IoT devices, they will have to improve their security systems. If they aren’t even able to protect the biggest and most advanced IoT markets, then there is worse in store for the underdeveloped world.