When smart home devices attack

By November 18, 2016 Article

You may have noticed that about a month ago your Internet may have been acting a little funny. Maybe you couldn’t access sites or you had service interruptions. Don’t worry, it wasn’t just you. On October 21, most of the East Coast and other areas of the country experienced a scary new type of cyber attack. Many popular websites such as Twitter, Netflix, Spotify, Airbnb, Reddit, and Etsy reported sporadic problems.


A map of the areas experiencing problems, as of Friday afternoon, according to downdetector.com.

It turns out that a company called Dyn that monitors and reroutes Internet traffic began to experience denial of service attacks that morning. The attacks came in waves throughout the day and rendered many sites inaccessible across the East Coast. An attack of this magnitude hadn’t previously been seen (or imagined). However, the most troubling part of all wasn’t the severity of the attack, but how it was carried out…

The way the attack was orchestrated was though the use of millions of Internet-connected (smart) devices such as routers, baby monitors, and cameras, in order to flood a target with traffic. Dyn discovered that the attack was a part of a botnet attack called Maraj botnet, which works by taking over connected devices in people’s homes, using them like an electronic army to attack the hacker’s target. It is believed that the attack exploited security vulnerabilities involving weak default passwords on devices. Many people don’t bother to change default passwords like “0000” for simple home devices like a video camera, leaving their device vulnerable.

This attack on smart devices is just the beginning. The popularity of Internet of Things (IoT) devices is steadily on the rise, with no slowing in sight. According to Gartner, a technology research company, “an estimated 6.4 billion connected devices were in use last year. By 2020, that number is expected to more than triple to 20.8 billion devices.” We had similar attacks before when children’s connected toys were hacked last year, and according to an alarming statistic from a 2016 report by domain registry company Verisign, there’s been “a 75 percent increase in such [IoT] attacks from April through June of this year, compared with the same period last year.”

Although attacks like this are scary you are not powerless. You should always follow security guidelines for connected devices and actually change that default password they urge you to change. Even changing your passwords from time to time for your various accounts is important too as you have seen in cases such as Yahoo’s breach. Don’t forget to keep devices updated too. Many breaches occur from exploiting loopholes in outdated operating systems. If you need help or tips for protecting your network, feel free to reach out to us any time.