According to research done by Gartner, there are nearly 6 billion Internet of things (IoT) devices connected to the Internet today. Many manufacturers are sacrificing ease of use for security. These devices, in turn, are easy to hack and can be used to attack other devices. According to a recent report by Forescout, they can often be hacked in under three minutes. That creates two problems for the end user. The first issue is that criminals can access the device for their own reasons. And the second is that these devices can be used to attack parts of the Internet.
The attack on the Dyn DNS system a few weeks ago by over 10 of millions of these hacked devices, we are seeing a new wave in computer security.
But what does that mean for you and what types of devices are we talking about?
What are these hacked devices?
Most of these devices were internet cameras, digital video recorders for security systems, mobile phones, televisions, kitchen appliances, and other types of devices. Manufactures left default passwords in place and did not require the end user to change it. That made it easy for attackers to easily take over so many to use in these massive attacks. In addition, most of the devices were using outdated firmware, the software that actually runs the devices, and had many bugs and flaws in them.
Its not just the no name, unknown Chinese manufactured devices, its also some big names like Panasonic and Xerox.
The bad news for end users is once these devices are hacked, they often can’t be fixed by without sending the device back to the manufacturer. There the device will be formatted and reset.
Fortune magazine has an interesting article on the liability these companies be facing in the coming weeks and months since their poorly designed devices were used to do millions of dollars in damage.
What can you do to protect your own devices?
The first thing you need to do is to update your device’s firmware. These are usually available from the manufacturer’s website. Install the most recently available firmware for your device. After that, reset your default user name, if that is possible for your device. Lastly, the most important thing to change is the password. Doing these three things all but guarantees your security for now.