Fifteen years ago, the main reason to secure your electronic devices was to protect your sensitive data from being stolen. Most people are aware that hackers are everywhere, waiting to gain access to whatever electronic devices possible. These hackers are usually looking for sensitive data they can use for illegal purposes (like your credit card information), while others just love the thrill of hacking.
It’s common sense to put a password on your computer, and you’ve probably secured your router with a strong password, but have you thought about properly securing your smart TV or Wi-Fi enabled digital camera? You might wonder why you should secure these devices. Who cares if hackers get pictures of your cats, your yard, or your family vacations?
Today, it’s not just the data hackers want – it’s access to your actual device. Just as you secure your home router, it’s equally important to secure all Wi-Fi enabled devices to prevent them from becoming enslaved by hackers who create armies to deliver DDoS attacks that essentially break the internet.
How a DDoS attack works
A DDoS attack is a “distributed denial of service” attack that knocks websites offline by sending perpetual requests for traffic to a website, often from multiple devices. These requests overwhelm the website, making it impossible for visitors to load the pages.
For example, on Friday, October 21, 2016, the world experienced the effects of a DDoS attack when popular websites all over the US crashed. This DDoS attack specifically targeted the Managed DNS infrastructure for Dyn Inc. Dyn manages traffic for companies like Twitter, Spotify, Etsy, Github, and Netflix, among others.
While the Department of Homeland Security is investigating who was responsible for the attack against Dyn, what is known is that the perpetrator(s) hijacked numerous internet-connected devices to deliver the requests. Devices like televisions, digital cameras, security systems, webcams, and routers could have been among those hijacked.
This means that people who never bothered to change their factory set login credentials made it easy for hackers to corral their devices to launch an attack against the internet.
Data security isn’t the only reason to protect your devices
You might be wondering why you should care about DDoS attacks against other people’s websites. If your devices are being used to take down websites, and the websites are eventually restored, what’s the urgency? While you might be able to live with the guilt of knowing your unsecured devices contributed to a DDoS attack that cost someone else time and money, there is a bigger reason you should be concerned – your devices are at risk.
There’s a new bot in town frying unsecured devices
Imagine spending hundreds of dollars for new devices, like a smart TV and a home security system like Google’s Nest, and one day your devices are completely fried beyond repair. You attempt a factory reset, but the devices won’t boot up. So you send them to the manufacturer and they can’t do anything, either. You have no choice but to shell out the extra cash to buy a new device. How can this happen?
A bot called Brickerbot, ironically made up of unsecured IoT devices, has been scouring the internet for other unsecured devices, promptly disabling them by destroying them beyond repair. Even factory resets can’t bring these devices back to life. This sounds sinister, but in a Robin Hood fashion, this bot is working to prevent future DDoS attacks.
You can prevent your devices from being destroyed by Brickerbot or turned into an army of devices used for DDoS attacks by simply changing the default Wi-Fi username and password.
Your devices might come with a password unique to you, but don’t be fooled. Your factory set password that appears to be unique was created with an algorithm that hackers can easily crack. The only protection you have is to create your own complex password.
DDoS attacks are becoming more common
The DDoS attack against Dyn Inc. took half a day to resolve, and its effects were minor compared to what’s possible when enough devices are hijacked. Just a month prior, the website of security journalist Brian Krebs was bombarded with 620 gigabits per second of phony traffic requests coming from 145,000 hijacked cameras resulting in the largest DDoS attack on record. Prior to that, Sony’s PlayStation Network and Xbox Live were disrupted by DDoS attacks that came from hijacked home routers.
While you may not have been concerned before, thanks to Brickerbot, you now have an incentive to secure your IoT devices.