Last week, one of the worst fears of Internet of Things (IoT) industry insiders was realized when someone took advantage of security holes in connected devices like netcams and home routers to create a botnet attack on popular websites like Twitter and Soundcloud.
While the attack didn’t involve any connected kitchen devices, as more and more device makers add network connections such as Wi-Fi, the possibility of a similar attack becomes likely.
Because of the complicated nature of malware like Mirai and what happened last week, let’s review exactly what happened and then look at the possibility of it happening in the smart kitchen.
What Happened
-First, the event was the result of a form of malware – essentially a form of computer virus – that runs on devices with an embedded operating system called Linux. Many connected consumer electronics use some form of Linux, which is an open source operating system, including smart kitchen devices.
-This attack was engineered to attack devices that have a network connection and an open IP address on the Internet. It also targeted those devices that still used the factory default password and username (You know the “admin” and “password” login credentials you get when you buy something like a low-cost home router at Best Buy).
-Once a device was infected, it was instructed to send a bunch of requests to connect with popular websites like Twitter. While one device like a network camera doesn’t do much to impact a popular site like Twitter, hundreds of thousands of these devices working together in the form of an IoT “zombie army” can overwhelm even the most popular sites. This type of attack is called a ‘Distributed Denial of Service’ – or DDOS – attack.
What Could Happen Next and What To Do About It
Now, what didn’t happen is what we often fear will take place when we put a connected device in our home: someone overtakes the device and starts to do bad things like make it operate when we don’t want to or makes it malfunction. Not that those things can’t happen – we’ve already had examples of people overtaking connected baby monitors to talk to children.
The reality is that IoT devices are a new playground for folks with malicious intent. The idea of connecting and controlling a small consumer connected device is enticing for hackers, as has been amply illustrated at hacker conventions like DEF CON.
However, it’s fairly straightforward to protect your products by taking a few basic steps that employ best practices. One is to make sure you don’t default to the same username and password in devices coming from your factory. Companies like Securifi, the makers of the Almond consumer router, create randomly generated default passwords that make it much harder for a person with malicious intent to access the device.
Next, use a secure connection to the cloud if your connected device employs any form of Internet service. What you don’t want to do is simply leave it open to be accessed from remote locations on the Internet.
Lastly, you should have both in-house expertise as well as rely on third party experts who know how to create secure consumer devices. Often appliance makers wading into the connected home are new to this world, so just like you wouldn’t enter a foreign market without tapping into local expertise to help you navigate a new marketplace, you don’t want to enter the world of connected devices without knowledgeable people both inside and outside your company walls.
Check out our podcast on the topic with IoT expert Jim Hunter here.