You may have noticed some hiccups on the internet last Friday. Facebook went down, then Twitter, Netflix, Amazon, the Wall Street Journal, and the New York Times. They were all victims of a coordinated attack on the infrastructure of the internet, making it impossible for millions to connect to their favorite websites. If you were trying to waste some time online last Friday, hackers weren't going to make it easy for you.
What set this attack apart, though, was how it was accomplished: through the Internet of Things. Hackers commandeered thousands of internet-connected devices like webcameras, routers, and baby monitors, and turned them into weapons used to cripple the net.
The Machines Have Risen Up
Here's how the attack appears to have gone down. Thousands of devices engaged in a distributed denial of service (DDoS) attack against the servers for Dyn, a domain name system host. In a DDoS attack, nearly endless data requests are sent to a server, overwhelming it and preventing it from responding to legitimate requests. Since this DDoS attack was targeted at the domain name system, it meant that when you typed in Facebook.com, the servers were too swamped to actually connect you.
DDoS attacks are not novel. What is novel about this internet outage, though, is that it made use of the Internet of Things. Suddenly, household items with helpful web capabilities were converted into weapons in a first-of-its-kind attack.
Time to Beef Up Security?
You probably have a fairly sophisticated security program installed on your computer, whether it's the built-in protections in your operating system or a software program like Bitdefender or Norton. Your smart thermostat, security cameras, and printers, however, are much less protected. When these devices are connected to the web, so that you can turn off the heat, monitor your home, or print remotely, they become vulnerable to outside hackers.
The more the IoT grows, the more vulnerabilities there are. Today, there are around 15 billion IoT devices. By 2030, there could be 500 billion.
The security risks posed by the Internet of Things is nothing new, of course. There have been warnings about lax IoT security about as long as there has been an IoT, though this most recent attack might be the clearest realization of those fears so far. It could push regulators to act, or the IoT industry to beef up its own security standards.
In the meantime, if you want to keep your own devices from being weaponized behind your back, there are a few simple steps the average consumer can take. Experts recommend changing default passwords for all your devices and making sure to install any security updates. That is, when you can. Many IoT devices simply have no security to improve.