IoT Growing Faster Than the Ability to Defend It

[Super Nova]

What a great time to be a hacker. Techs are producing stuff that hasn't been thought through for security or users are too stupid to secure them.

Watch out for these devices listed and read the documentation and ensure you secure them all when you get them. I don't want my fridge to spam the world. (well when they start making them for consumers)

IoT Growing Faster Than the Ability to Defend It

Last week’s use of connected gadgets to attack the Web is a wake-up call for the Internet of Things, which will get a whole lot bigger this holiday season. By Larry Greenemeier on October 26, 2016

With this year’s approaching holiday gift season the rapidly growing “Internet of Things” or IoT—which was exploited to help shut down parts of the Web this past Friday—is about to get a lot bigger, and fast. Christmas and Hanukkah wish lists are sure to be filled with smartwatches, fitness trackers, home-monitoring cameras and other wi-fi–connected gadgets that connect to the internet to upload photos, videos and workout details to the cloud. Unfortunately these devices are also vulnerable to viruses and other malicious software (malware) that can be used to turn them into virtual weapons without their owners’ consent or knowledge.

Last week’s distributed denial of service (DDoS) attacks—in which tens of millions of hacked devices were exploited to jam and take down internet computer servers—is an ominous sign for the Internet of Things. A DDoS is a cyber attack in which large numbers of devices are programmed to request access to the same Web site at the same time, creating data traffic bottlenecks that cut off access to the site. In this case the still-unknown attackers used malware known as “Mirai” to hack into devices whose passwords they could guess, because the owners either could not or did not change the devices’ default passwords.

The IoT is a vast and growing virtual universe that includes automobiles, medical devices, industrial systems and a growing number of consumer electronics devices. These include video game consoles, smart speakers such as the Amazon Echo and connected thermostats like the Nest, not to mention the smart home hubs and network routers that connect those devices to the internet and one another. Technology items have accounted for more than 73 percent of holiday gift spending in the U.S. each year for the past 15 years, according to the Consumer Technology Association. This year the CTA expects about 170 million people to buy presents that contribute to the IoT, and research and consulting firm Gartner predicts these networks will grow to encompass 50 billion devices worldwide by 2020. With Black Friday less than one month away it is unlikely makers of these devices will be able to patch the security flaws that opened the door to last week’s attack.

Before the IoT attack that temporarily paralyzed the internet across much of the Northeast and other broad patches of the U.S. last week, there had been hints that such a large assault was imminent. In September a network, or “botnet,” of Mirai-infected IoT devices launched a DDoS that took down the KrebsOnSecurity.com Web site run by investigative cybersecurity journalist Brian Krebs. A few weeks later someone published the source code for Mirai openly on the Internet for anyone to use. Within days Mirai was at the heart of last week’s attacks against U.S. Dynamic Network Services, or Dyn, a domain name system (DNS) service provider. Dyn’s computer servers act like an internet switchboard by translating a Web site address into its corresponding internet protocol (IP) address. A Web browser needs that IP address to find and connect to the server hosting that site’s content.
Friday’s attacks kept the Sony PlayStation Network, Twitter, GitHub and Spotify’s Web teams busy most of the day but had little impact on the owners of the devices hijacked to launch the attacks. Most of the people whose cameras and other digital devices were involved will never know, said Matthew Cook, a co-founder of Panopticon Laboratories, a company that specializes in developing cybersecurity for online games. Cook was speaking on a panel at a cybersecurity conference in New York City on Monday.

But consumers will likely start paying more attention when they realize that someone could spy on them by hacking into their home’s Web cameras, said another conference speaker, Andrew Lee, CEO of security software maker ESET North America. An attacker could use a Web camera to learn occupants’ daily routines—and thus know when no one is home—or even to record passwords as they are typed them into computers or mobile devices, Lee added.

The IoT is expanding faster than device makers’ interest in cybersecurity. In a report released Monday by the National Cyber Security Alliance and ESET, only half of the 15,527 consumers surveyed said that concerns about the cybersecurity of an IoT device have discouraged them from buying one. Slightly more than half of those surveyed said they own up to three devices—in addition to their computers and smartphones—that connect to their home routers, with another 22 percent having between four and 10 additional connected devices. Yet 43 percent of respondents reported either not having changed their default router passwords or not being sure if they had. Also, some devices’ passwords are difficult to change and others have permanent passwords coded in.

With little time for makers of connected devices to fix security problems before the holidays, numerous cybersecurity researchers recommend consumers at the very least make sure their home internet routers are protected by a secure password.

https://www.scientificamerican.com/arti ... defend-it/

[Neferti]

Can you explain that in non-techo talk?

[Outlaw Yogi]

I'm dreading the coming of Terminator cars .. generally referred to as "Autonomous/self driving cars" but I call Terminators because that's what they'll be due to computer glitches and programming liabilities unable to handle random situations.

Google's self driving cars were ordered off the road because they kept crashing or causing crashes, Tesla's self driving cars were so focussed on the car in front of them they couldn't merge from a minor road to a Hwy without forcing their way into traffic, and a Mercedes Benz engineer being questioned by a road safety panel when asked "If a child ran on to the road and the car had the option of hitting the child or a tree, would it run over the child?" admitted the computer is programmed to save the lives of the car occupants and so would run over the child.

I can't wait to see what happens when these bot cars are taken out of a city and confronted with ruts and pot holes in dirt roads. I can imagine that if a tree fell down covering 3/4 of a road way, the computer would be too stupid to drive around by partially driving onto footpath and have a melt down.

The day cars with manual controls become restricted items is the day I go back to high powered motor bikes and see if the bot cops can catch me.

I remember a few years ago an article citing how vulnerable US infrastructure is to hacking because its all on the net. So potentially Jihadi Ahmed could open the flood gates on major dams and wash away towns or cities. Realistically for genuine security instead of rigging it so you can control a dam in California from Washington DC, they should disconnect such infrastructure from the net and have the techs control it manually on site.

As for all the gadgets and appliances hooked up to the net ... well to me they're just junk!

[Super Nova]

Maybe I am getting old but I will never go for a fully autonomous car. Computer assisted maybe but I need to be in control.

I don't even like the cruise control.

[Neferti]

Maybe I am getting old but I will never go for a fully autonomous car. Computer assisted maybe but I need to be in control.

I don't even like the cruise control.

Nah, just get to the stage when you can afford a Chauffeur to drive you around in the Rolls. You are still "in control" ... he is YOUR employee.

[Black Orchid]

Maybe I am getting old but I will never go for a fully autonomous car. Computer assisted maybe but I need to be in control.

I don't even like the cruise control.

I agree and I don't use cruise control either. It instils laziness and lack of awareness and with all the complete nutters on the road we need to be aware now more than ever.

[Super Nova]

Maybe I am getting old but I will never go for a fully autonomous car. Computer assisted maybe but I need to be in control.

I don't even like the cruise control.

Nah, just get to the stage when you can afford a Chauffeur to drive you around in the Rolls. You are still "in control" ... he is YOUR employee.

I wish. True tho. if ever I could afford a rolls I must be able to afford a Chauffeur. So I need to play lotto again.

[Neferti]

Maybe I am getting old but I will never go for a fully autonomous car. Computer assisted maybe but I need to be in control.

I don't even like the cruise control.

Nah, just get to the stage when you can afford a Chauffeur to drive you around in the Rolls. You are still "in control" ... he is YOUR employee.

I wish. True tho. if ever I could afford a rolls I must be able to afford a Chauffeur. So I need to play lotto again.

You are still young. Lotto won't get you rich. Nor will wishing.