Hackers are Now Using Your Smart Home Devices to Bring Down the Internet

In days past, hackers would take down large websites just to make a public statement. They still do that, but now, mounting a DDoS (distributed denial of service) attack to take a website down has become much easier because they’re using connected devices to achieve the same goal. And the problem is that these devices are sitting right in your homes.

Things have changed now that the Internet of Things is slowly coming to the forefront of consumer technology. Today, the risk is very much at home – whether it’s your internet-connected baby monitor or that webcam you can access remotely from work or a CCTV camera that’s online, these ‘connected’ objects can wreak havoc on the internet.

The crux of the matter is not the internet – it’s the poorly secured devices that connect to it. Last Friday’s attacks on major websites like Spotify, Twitter and Reddit showed that thousands of connected devices were sending requests to Dyn, the DNS service that these three sites use, or domain name server. The DNS – being nothing more than a phone-book like application that converts domain names to IP addresses and directs users to the right website – was overwhelmed with a massive number of requests at the same time, effectively taking all three sites down by making it unavailable to legitimate users.

Are you at risk? Not per se. While there’s still a chance that a hacker could get into your device and make it do things and transmit data back to them, that’s probably not the best use of their time. Most hackers are in it for the money, and there’s not much money in hacking into a user’s device unless it contained sensitive financial or personal information.

So where’s the risk, then? The real risk comes from hackers gaining control over thousands of such connected devices, and then using it to mount an attack on your favorite websites. In a sense, your smart home devices are party to the hack, unbeknownst to yourself in most cases.

And that’s what happened last Friday.

How can such an attack by hackers be stopped?

It’s impossible to stop an attack of this kind, but we can reduce the probability of that happening by changing any default logins and passwords for internet-connected devices. The malware responsible for this attack – called Mirai – essentially looks for all available devices that have default passwords that the end user hadn’t changed after purchasing the device.

After identifying such devices, the malware affected the devices to create “botnets”, which are nothing more than interconnected devices that are ‘infected’ with the malware and work in coordination to do whatever the hacker wants. In Friday’s attack, these botnets was used to send spammy and junk requests to overwhelm the domain name servers at Dyn. In doing that, the hackers prevented genuine visitors from being able to access the site.

In a statement last Saturday, Dyn iterated that despite three waves of attacks, they never experienced a system-wide outage. That means users in some parts of the United States were still able to access these sites when it was down for users in other regions.

The ‘not my problem’ phenomenon

Unfortunately, because individual users aren’t directly affected by such an attack, it could lead to a ‘not my problem’ type of situation. That’s what will make it hard to prevent such attacks in the future.

The Internet of Things is really a wide-spread network of connected devices from all over the world, so you can see why it would be such a huge task ensuring that each one is secured properly.

The real answer to the problem is awareness and education. Most users of connected devices aren’t even aware that they can be hacked. Many users don’t even realize the importance of unique passwords. And that brings me back to the whole question of cybersecurity only being as strong as the weakest link in the chain.

The real weak link in cyber security

Users need to realize how their devices can play a part in security being compromised on such a large scale. We need to see the bigger picture and act accordingly. And that brings us to the big question: who is responsible for my digital security?

There’s only one answer to that – you. There are companies that provide the tools and the software and everything else you need to secure your digital devices. But the responsibility of implementing it rests on you, the end user.

Are you updating your software version to get the latest security updates? Are you following proper ‘password etiquette’ for all your devices, including your smartphones, tablets, PCs, smart TVs and anything else that can connect to the internet? Are you sharing your passwords with others without realizing the risks involved?

These are the questions we need to ask ourselves as consumers in the Age of the Internet. And the answers to these questions will give us clues to which parts of our lives are vulnerable.

We’re great with physical security. We have burglar alarms, pepper spray, judo and a wide range of things that keep us physically safe. But we don’t treat our digital security with as much respect. Would you leave your front door unlocked on purpose at night? Then why would you leave the door to your iPhone wide open?

What it all boils down to is: are we too complacent about digital security?

Thanks for reading our work! Please bookmark 1redDrop.com to keep tabs on the hottest, most happening tech and business news from around the world. On Apple News, please favorite the 1redDrop channel to get us in your news feed.