On October 21st, a distributed denial of service (DDoS) attack took out major websites such as Twitter, Netflix, and Reddit, among others. The cause of the attack was malware known as Mirai. This malware took advantage of the lack of security within Internet of Things devices by scanning the internet for devices that still have default username and password combinations and then taking control of those devices. Mirai formed, essentially, an “army” of IoT devices to carry out the DDoS attack.
The attack interrupted a DNS managed by domain registration service provider Dyn. A DNS is how computers translate a web address into the correct code for a given website. This attack, by interrupting the DNS, prevented internet users from accessing a variety of websites.
The Mirai software is available on the internet; the source code for Mirai was uploaded to the site Hackerforums. One source suggests that the leaking of the source was intended to throw off those investigating the attack. Regardless of intention, the availability of Mirai makes another IoT-based attack a distinct possibility.
These attacks force us to confront a frightening flaw in the Internet of Things; despite its potential to simplify lives and increase productivity, IoT devices generally are not secure. Coupled with the fact that IoT devices require large amounts of information about their owners, these devices could pose a large privacy risk. In the DDoS attacks, the attackers gained control of the devices in order to interrupt a DNS. However, it is possible that other attackers could gain control of these devices in an attempt to steal personal information.
Hopefully, these recent attacks will lead to increased security in IoT devices. It is not imperative to our security that we dismiss the Internet of Things entirely, but changes must be made for the sake of the users’ and owners’ privacy.
Sources:
http://www.theverge.com/2016/10/21/13362354/dyn-dns-ddos-attack-cause-outage-status-explained
http://gizmodo.com/this-is-probably-why-half-the-internet-shut-down-today-1788062835