The Sneaky Threat of ‘Internet of Things’ Devices

Many Americans have begun purchasing and installing smart devices in their homes. Unfortunately, these devices have brought about more security issues for the people whom have purchased them and society as a whole. The issue stems from the quickly increasing number of sensors and remote monitors it uses to manage overhead lights in corporate offices as well as the detailed manufacturing processes in factories. Even governments are getting on board as cities, especially, seek new ways to improve energy efficiency, lower traffic build up and improve water quality.

Can you believe there are tens of billions of these ‘internet of things’ now? They create an interconnected world with the intention of making people’s lives more efficient, secure and enjoyable. However, these same devices aren’t all fun and games. Many of them have no real security protection and are becoming what are referred to as ‘botnets’, large networks of small computers that are vulnerable to breaches by hackers.

These botnets have caused a vast amount of issues, from sending large amounts of spam mail to disrupting websites all around the world. Before, these botnets were mostly laptop and desktop computers, however, now with the growth of unsecured devices such as webcams, smart home devices, etc. their disruptive capabilities are increasing.

Most of the companies that are producing products that are the ‘internet of things’ are small and not well known (if at all) with no popular brands or public reputations to preserve. The goals of these companies are to produce vast amounts of products as cheaply as possible, so the customer’s cybersecurity isn’t of much concern for them.

Since these devices are used for a large array of things, it also means there are many vulnerabilities. Examples include weak passwords, unencrypted communications and insecure web interfaces. With hundreds of thousands of identical insecure devices worldwide, there are many targets for the hackers to attack.

Let’s say a manufacturer has set an unchangeable administrative password. A hacker can run a program that searches the internet for those devices and can take control, installing their own malicious software, which makes the device join the botnet community. The thing is, you might not even know it’s happening as the device runs normally until the hacker gives instructions. Then, they can do just about anything a computer might do, such as sending meaningless internet traffic to clog up data connections.

That type of attack, when emanating from thousands of devices at once (called a ‘distributed denial of service’) can shut down companies’ servers or even block wide swaths of the internet from being accessible publicly.

Here’s an example: A major DDoS attack back in 2016 messed with connections to Amazon, Netflix and Paypal for people east coast of the U.S…. and those are some pretty big companies! Can you believe that the attack linked to a botnet-control program created by three teenagers? These individuals were seeking to use more than 100,000 hijacked webcams and other devices around the world to gain an advantage over other players in the video game, ‘Minecraft’. Talk about serious gamers!

The size, scale and broad range of devices make this issue both an individual and public problem. Hackers can interfere with all activity if they flood the internet, or even sections of it, with meaningless content. Traffic would be standstill across towns, countries, and even police offers would have communication issues while trying to resolve the problem. Even the small devices in large numbers can work together to have huge repercussions both online and in the physical world.