On the global battlefield of cyberwarfare, tere’s a vast army of faceless foot soldiers — and they’ve just been revealed as double agents.
The directed denial of service (DDoS) attack that brought the Internet to its knees one day last month used everyday household applianceslike cameras, universal remotes, DVRs and even washing machines. That’s likely to become increasingly commonplace in a technology-dependent world, experts say.
The stakes are mounting as “smart home” devices — connected by increasingly ubiquitous Internet of Things technology and designed to help consumers run their homes with ease — now come with a distinct risk. They are being transformed into drones for security breaches.
Such deveices now number more than 6 billion, according to a recent analysis from Machina Research.
“Security has not been a prime focus on many devices and organizations that put these out helter-skelter. … In many cases they’re not adjusting to security concerns,” Leonard Kleinrock, a UCLA professor of computer science, told CNBC in a recent interview. “So it’s not a surprise this [cyber attack] happened and it hasn’t been taken seriously. There’s no oversight in general.”
Connected devices are reaching a saturation point: A 2015 Gartner study estimated that consumers around the world are adding a staggering 5.5 million IoT devices on a daily basis. According to Kleinrock, that’s a major concern in the context of seemingly relentless cyberwarfare. A big problem is that most consumers use default passwords on these appliances that can easily be hacked.
“The obvious answer is to change the password [but] I think it’s unreasonable by and large to expect users to change passwords on cameras, toasters and scales,” said William Webb, a fellow at the Institute of Electrical and Electronics Engineers and CEO of Weightless SIG, a nonprofit standards body that looks at issues surrounding IoT connectivity.
There’s a bigger question of how to execute compliance, he told CNBC in a recent interview. “There are things you could do but how do you get that to happen? If this is a mobile phone, this is not so difficult … but these are devices manufactured by 10-20 manufacturers,” he said.
“Getting them all to play ball is really difficult, and there isn’t a framework to make them do it.”
Because of their limited computing capacity, “most of the IoT devices were not designed with serious protection capability, and so are susceptible to attack,” said Kleinrock, who was influential in the development of Arpanet — the forerunner to the modern-day internet.