This past year saw the rise of massive DDoS attacks waged by hackers harnessing the power of the “Internet Of Things” to knock out swaths of the internet. You might remember back in October when a large number of popular websites such as Twitter and PayPal were knocked offline by one of the biggest DDoS attacks that was leveled at the DNS provider Dyn. It took down what seemed like half the internet at times, and with PayPal and other merchant processors down such as Shopify, it affected ecommerce and likely cost millions of dollars in sales.
It’s not over either; President Obama made it official that the IoT and attacks that make use of it in a botnet are of primary importance to the next administration.
And according to several sources, including ARS Technica, these attacks are only going to get worse and more widespread. Krebs On Security, one of the sites that was leveled by one of the biggest DDoS attacks in history, reports that there is an army of Sony cameras that could provide fodder for a Mirai botnet.
Mirai works by constantly scouring the internet for connected devices using the factory preset login information and have telnet ability. It then points all these devices in a massive “drone army” type system and sends hundreds of gigabytes worth of data at any target.
And not only that, these Sony camera devices are vulnerable to hacking of others sorts as well, including the ability to distort images or abuse a camera heating feature to overheat and likely break the camera or render it non-functional.
It all boils down to ensuring that devices meant to be connected to the internet are secure, and properly tested by the companies before release. The thing that made Mirai so successful was the sheer number of devices that were either cheaply made by manufacturers rushing them to market as well as lots of Chinese parts that were poorly made and poorly secured – ways for companies to cut corners and get hardware to market faster. However these cut corners result in huge vulnerabilities and gaping holes just waiting for hackers to come take advantage of.
Companies can update the firmware on the hardware devices as well as the software used to run them, however updating is difficult.
Sony did not respond to multiple requests for comment. But the researchers said Sony has quietly made available to its users an update that disables the backdoor accounts on the affected devices. However, users still need to manually update the firmware using a program called SNC Toolbox.
The average user is simply not going to know about these updates, let alone get around to updating them even if they are aware of a patch. Even seasoned computer nerds are often slow to update their systems, and they know exactly how to do it. It seems those who are most paranoid about privacy concerns are the ones who are quick to update, but that is a small minority.
The onus then is on the companies to ensure these devices are tested and safe before distributing them for sale. However in a capitalist economy it may not be worth the extra cost. What may be necessary is government regulations – but we all know how slow the government is when it comes to the ever-changing world of consumer technology.