Last month a sizeable attack on internet service provider Dyn brought down major websites such as Twitter, Facebook, Netflix and news sites including the Guardian and The New York Times.
This was a cyberattack made possible by the use of smart devices (these days that’s everything from webcams and televisions to baby monitors and refrigerators) that are relatively easy to hack into thanks to manufacturer’s failures to program adequate security into their products. These devices were then utilized in what the media has described as a “zombie army” in order to flood servers with traffic.
Who would have thought that the smart appliances you bring into your home could end up posing the biggest threat to your way of life. A refrigerator that spies? A speaker that records your conversations? Or how about your XBOX taking control of your house’s security system? These are just some of the possibilities of interconnected and vulnerable IoT devices.
Many experts have suggested that the DDOS attack was a blessing in disguise, allowing us to take a closer look at the vulnerabilities around us and boost governments into regulatory action. Dan Kaminsky, a lead scientist for the cybersecurity firm White Ops said in the aftermath of the October attack that, “Nothing survives floods of this nature, existing or theoretical, centralized or decentralized.”
Of course the effect of this particular cyberattack on Dyn was minor, only causing websites to crash for a brief time. But experts are warning that if critical services were targeted in a similar attack then the potential for disaster could be very real.
Kenneth Cukier is the coauthor of the 2013 bestseller “Big Data” and a senior editor at The Economist. He tells us that, “The Dyn attack was foreseen for many years — it’s just that no one believed the warnings. Security experts have been screaming about the vulnerabilities of the internet for two decades, which is made even more insecure by net-enabled devices like printers, baby-monitors, cameras and wifi routers. They are all “sleeper agents” for this sort of attack.”
Security firm Norse shows real-time cyberattacks worldwide
Right now there are around 6 billion connected devices globally, but by the year 2020 it’s estimated that the Internet Of Things will reach 21 billion devices, all of which are at the moment extremely vulnerable and easily “weaponised” by hackers.
One of the problems is that the IoT began to develop and grow very rapidly, before all the consequences were realised. As a result we now find ourselves playing catch up to improve the security of the open internet. “There’s no incentive to build strong security into products,” says Cukier. “No one buys a printer or digital camera because their wireless chips have strong encryption; people care about printouts and pixels. So security is just an added cost, and in the low-margin hardware business, companies do the bare minimum and hope for the best, while customers don’t care.”
In the wake of last month’s cyberattack some people claim that the solution is to take devices offline. Chinese manufacturer Hangzhou Xiongmai Technology recalled millions of internet connected cameras, but most companies have not taken the same measures. James Stavridis of Foreign Policy, argues that “There are too many benefits to linking our world together to slow that process down. The real question is: How can we prevent such attacks?”
Demands are being made to place firm laws on the security of smart devices. “If the courts made IoT manufacturers liable for monetary damages as an “accessory to the crime” unless less they took all necessary precautions, then the manufacturers would need to hold insurance against suits, and to lower premiums and be eligible for coverage, they would need to regularly demonstrate sound security practices,” argues Cukier. “It wouldn’t solve the problem because there is no solution to it, but it would help manage the problem by making such attacks just a little bit harder to pull off.”
For now there seems to be no long term solution to the security issues surrounding the IoT. And frighteningly this latest attack may not be the wake-up call that it should be. Kenneth Cukier believes that the incident will soon be forgotten and the issue brushed underneath the carpet once more. “We live in a post-reality universe. People know cigarettes cause cancer and still smoke. People know they need to save for retirement but don’t. People know complex economic matters require specialist to make decisions but vote on emotional grounds. People know of the dangers of nuclear weapons but vote for untried, erratic, irresponsible leaders.
“Please don’t expect rationality to rescue the internet from the risk of the Internet of Things — it ain’t gonna happen.” But with Christmas just around the corner, the most rational thing you can do is choose a gift that has put some emphasis on security, for all our sakes.