First point to understand correctly this article, the definition:
The internet of things (IoT) is the internetworking of physical devices, vehicles, buildings and other items—embedded with electronics, software, sensors, actuators, and network connectivity that enable these objects to collect and exchange data.
In summary it means any "thing" that has an electronic chip connected on a network. It will be your lamp bulb, surveillance camera, fridge, grass mauler, vacuum cleaner, etc... but may also be you hearth or your brain in the future...
The problem with these "things" is their default security which is... almost non existant. The default admin password is usually very simple or even empty, which means anyone that can access your device can manipulate it...
A recent example at OVH has showed they suffered a global DDoS attack on their infrastructure for a bandwidth of more than 1Tbps. You read it well, 1Tbps! It means 1.000Gbps or 1.000.000Mbps... Think about your home Internet connection which is somewhere around 100Mbps...
Again some definitions to help you understand:
- A denial-of-service (DoS) attack is an attempt to make a machine or network ressource unavailable to its intended users, such as to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.
- A distributed denial-of-service (DDoS) is where the attack source is more than one, often thousands of, unique IP addresses.
In this case the attack came from a botnet composed of 145.607 cameras/dvr. These IP cameras are poorly secured by default and someone can take control of it remotely without much effort... Even malwares are already targeting these devices.
Two last definitions:
- A botnet is a number of Internet-connected computers communicating with other similar machines in which components located on networked computers communicate and coordinate their actions by command and control (C&C) or by passing messages to one another.
- A Malware, short for malicious software, is any software used to disrupt computer operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising.
In conclusion I wanted to draw your attention on what is coming in the future (IoT) and that you have to be aware the security of such devices is crucial! You can't just plug them on the network and leave them alone! Experts estimate that the IoT will consist of almost 50 billion objects by 2020. Imagine the impact of a DDoS attack of such a size! The whole Internet could be impacted...
Don't hesitate to contact us if you have any question, EASI can help you analyze your devices/network security and help secure it as needed!
One last point, thanks Wikipedia for the definitions!
