Just over a year ago, an army of 250,000 internet-enabled devices attacked US journalist Brian Krebs. Most were cameras and digital video recorders (DVRs). They had all been hacked.
The sudden attack used all the devices simultaneously to flood Krebs' internet connection with online traffic, throwing him offline.
On 21 October last year, the same tactic was used to attack Twitter, Netflix, Reddit and Airbnb. They were all knocked offline together, in what is known as a “distributed denial of service” (DDOS) attack.
If a device can connect to the internet, it can potentially fall into the hands of hackers. That goes for smart TVs, fridges, teddy bears, ovens, hair straighteners and vending machines – even phones themselves. Anything that can be accessed remotely.
Collectively, devices like these are called the Internet of Things (IOT) – and there are already billions of them. Buying a “smart” product you can control from your phone may be all the rage, but often there is too little consideration given to security.
“Most of these devices are running Linux [operating system] versions that are 10, 15 years old,” says Krebs, adding that many manufacturers release such products with no plans to ever update them.
Hacked devices can also be manipulated to act individually. In one case, hackers were able to control the microphone on a company’s wifi-enabled videoconferencing system, tapping boardroom conversations – even when the system wasn’t in use.
Google Security Reliability Engineer Damian Menscher, an expert on DDOS attacks, says consumers buying a wifi-enabled dishwasher generally have no idea it could join a botnet without their knowledge.
“The user isn’t going to realise that that even has an internet connection that needs to be patched, so it’s never going to be updated,” Menscher tells SBS VICELAND's Cyberwar.
The Internet of Things
- Estimated 30 billion devices by 2020
Examples of ‘things’
- TVs, phones, heart monitors, cars, thermostats, drones, toasters, fridges.
Are you in danger from the Internet of Things? Find out on Cyberwar, Thursdays at 8:30pm on SBS VICELAND.
Watch the latest episode at SBS On Demand: