Update Your Toaster: How IoT Devices Can Be Conscripted into Botnets

By on Jul 08, 2016

Charles Strite, according to Lemelson-MIT, first introduced the modern toaster in 1926. It was, and remains to this day, a handy instrument for simultaneously warming two sides of a slice of bread before ejecting the finished product — toast — with a familiar springy *pop*. The device’s design was so successful that it has largely remained the same since 1926, dutifully popping toast across America for close to a century.

For some, this means the toaster is due for an upgrade to the Internet of Things (IoT) — a network of internet-connected devices that talk to one another and to internet-based services for better efficiency, automation and convenience. The toaster isn’t alone. Fridges, washing machines, vacuum cleaners and a plethora of additional appliances are gaining connectivity under the IoT umbrella in the hopes of making our lives easier.

But many of these devices lack sophisticated security measures, which makes them easy pickings for cybercriminals. They’re desirable targets, too, because IoT devices can easily be conscripted into botnets — networks of hijacked computers used to amplify attacks, flood servers and otherwise cause mayhem on a targeted website. In fact, according to Motherboard’s Lorenzo Franceschi-Bicchierai, some cybercriminals have just used IoT devices in their own botnet attack.

According to Motherboard, a group of cybercriminals used an IoT-based botnet to launch a Distributed Denial of Service (DDoS) attack — an attack that uses a collection of computing devices to flood a target server with so much traffic that it cannot operate. The target was an unnamed jewelry store’s website. The eye-popping fact, however, was that the attack employed more than 25,000 internet-connected CCTV cameras.

So a growing development in cybercriminal capabilities — crooks using IoT devices in attacks — is now officially a reality. How did it happen? Well, as the case with many early IoT devices, the fault lies within the weak default passwords many manufacturers employ when they sell these new devices. These passwords include everything from “admin123” to the product’s name. Complicating this is the fact that many IoT device manufacturers rarely, if ever, update their devices to fix known vulnerabilities.

The ease in which IoT devices can be hijacked is a big problem. The solution, however, starts with developing IoT devices with security in mind. Everything in these devices, from the chipset on upwards, will need to be deployed with the ability to be updated by manufacturers and secured with anti-malware solutions from the get-go.

So what can you do, as an individual, to protect your IoT devices from cybercriminals? Well, here are a few tips:

  • Change the default password. This cannot be emphasized enough: change the default password on your IoT device. Passwords should be complex, at least eight characters long and include numbers, upper and lower-case letters and symbols. If you’re worried about forgetting the password, consider investing in a password management solution, like True Key.
  • Secure your network. Your router — the device that connects your devices to the internet — also needs to be secure. Be sure to change your router’s default password and make sure it’s broadcasting as a private network. A lock symbol should appear next to its name when you look it up on a device. Refer to your router’s manual if you’re unsure how to do this.
  • Use comprehensive security. Cybercriminals aren’t just after new IoT devices — they’re after your laptops and desktops as well. Defend your devices with a comprehensive security solution like McAfee LiveSafe, which can help protect all of your devices from the latest and most advance attacks cybercriminals can muster.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

gary

 

About the Author

Gary Davis

Gary Davis was previously McAfee's Consumer Security Evangelist providing security education and advice to businesses and consumers. He is a sought-after speaker on trends in digital security, appearing at conferences and events, as well as security and consumer lifestyle broadcast outlets and publications such as ABC, NBC, FOX, the Wall Street Journal, USA Today, Money ...

Read more posts from Gary Davis

Subscribe to McAfee Securing Tomorrow Blogs