Who secures the securers?

Tuesday, 27 September, 2016

Last week, the respected cyber-safety research site, Krebs on Security, was taken down by one of the most severe DDoS attack (distributed denial of service) assaults ever recorded. Worryingly, it was launched using a botnet of vast numbers of IoT devices — web cams, home routers, digital video recorders, door locks and so on.

Dan Goodin at Ars Technica pointed out that makers of these devices design them to be as inexpensive and easy-to-use as possible, but there’s a downside:

“As a result, the devices frequently come with bug-ridden firmware that never gets updated and easy-to-guess login credentials that never get changed. Their lax security and always-connected status makes the devices easy to remotely commandeer by people who turn them into digital cannons that spray the Internet with shrapnel.”

Goodin notes that IoT malware is creating a tipping point in the denial-of-service area that’s equipping relatively unsophisticated actors with capabilities that were once reserved only for the most elite of attackers. “And that, in turn, represents a threat to the Internet as we know it,” he adds.

The good news is that Krebs on Security is back online, but the take-down is alarming.

Filed in: IoT • Tags: , , , ,

Comments are closed.