How the "Internet of Things" Can be Used Against Us
Time and time again, users of the internet and internet-connected smart gadgets are told to secure their personal information and beef-up their electronic security. While most users do their best at keeping their passwords secret and their personal details off of unsecured websites, many are also unaware of a potentially massive flaw in their security: their internet-connected non-smart devices. The many appliances, machines and device parts that can talk to each other with minimal human interaction are part of mass network known as the “Internet of Things,” and they are unwittingly becoming a tool in massive cyberattacks.
The Internet of Things, or IoT, is defined as “the infrastructure of the information society” by the Global Standards Initiative on the Internet of Things. In general, the IoT is seen as a boon to the growth of a modern digitally-integrated society because of how much efficiency and accuracy it can bring to a world filled with connected electronic devices.
Instead of humans rigorously programming every interaction into every device, they program these devices to monitor themselves and their environment, then they autonomously flow the data to other devices. The IoT doesn’t have a network unto itself or need one, but it can use already existing networks to function. A pet with an RFID chip, a person with a wireless heart monitor and a Wi-Fi-enabled refrigerator are all considered parts of the IoT.
When devices and machines talk to each other without the need of direct human control, both good and bad things can happen. For the most part, people enjoy the benefits. A sports wristband can monitor and record your vital signs for upload and review later, a smart TV can consolidate all of your streaming services and businesses can tailor their services to the habits of their customers. But all of these devices, which can be connected to the internet in the same way your computer might, create “cracked windows” in the “wall” of digital security.
The late October attack on DynDNS and a very recent attack that managed to infect 3,500 devices in just five days, according to Ars Technica, are examples of how the IoT can be used against us. Both of these attacks, and many others like them, utilized IoT botnets to conduct Distributed Denial of Service (DDoS) attacks. Worryingly, the latest attack used code directly lifted from an earlier attack that conducted as part of an ethically questionable research product.
In general, these attacks utilize “botnets,” which are created when a malicious program takes control of a horde of unsecured devices or computers. These bots then send erroneous messages to a target over the internet, which then overwhelms the target by sheer data overload.
The IoT plays into this problem because many of these internet-connected devices lack the proper security measures that a normal computer would have, despite having just as much access to a network. While the “things” in the IoT are often simple and don’t have much “brains,” they have enough hardware and software strength to be a bot in a botnet by just sending out signals and data requests. In some cases, an attacker can even take control of a device.
Until electronics manufacturers build in better security measures to their devices, their products will continue to offer a possible vector for attackers to access secure networks, conduct attacks using unsecured devices or even control the same unsecured devices. So until such measures are in place, try and ensure all your wifi-enabled appliances are secured and think twice about that new Bluetooth spatula.