Last month, a Distributed Denial of Service (DDoS) attack crippled domain name system company Dyn, in the US, knocking out internet access in many parts of the country. The company was attacked by the dreaded Mirai botnet, which makes IoT devices its servants.
Again, within the last month, temperature control systems in two apartments in Finland were taken down, and a huge chunk of the internet infrastructure in Liberia was hit by a powerful botnet.
All these incidents have left security experts worried.
It is no longer a threat visualised by a sci-fi writer or a Hollywood director. It is a clear and present danger — your microwave oven, fitness wrist band, smart fridge and light bulb — all can potentially land in a hacker’s grip and launch a debilitating attack on your own servers.
The scenarios could be many. A hacker infects about 10,000 ‘connected’ light bulbs or web cameras with a malicious code and tells them to attack a website or a server. The sudden attack could maim the website, denying users its services. Your connected fridge, light bulb, web camera, microwave oven and CCTV can become slaves of a hacker and can be taken down by your own website.
In a Distributed Denial of Service, a hacker launches a massive attack on a website using thousands of ‘connected’ devices that were made slaves using a malicious code. “The IoT is engulfing all aspects of life. From wrist bands to bulbs and from bulbs to CCTV cameras everything is ‘smart’ and ‘connected’ (to the internet). The intelligent devices that talk to one another take informed decisions to make your life easy and comfortable. But this could lead to a serious security problem,” Ram Mohan, who is on the Board of ICANN (Internet Corporation for Assigned Names and Numbers (ICANN), told BusinessLine.
“We are in a new era of security vulnerabilities. The amplification attacks are a major challenge as billions of insecure IoT devices are flooding the market. It has emerged as a new weapon. It can take all of us down,” he said. Mohan, who is also the Executive VP and Chief Technology Officer of Afilias, represents the Security and Stability Advisory Committee of ICANN. The committee studies and advises the corporation security issues.
He felt that the proliferation of IoT devices could result in a nightmare as the malicious software could take control of connected devices and unleash a concerted attack on a server.
Though the DDoS is not something new, the proliferation of IoT devices sharply increases the chances of attacks.
Challenges ahead
Mohan said no one was safe from DDoS attacks. “How can you stop the light bulbs from attacking you,” he wondered.
A recent report of Internet security solutions company Kaspersky said that resources in 70 countries were targeted by DDoS attacks in the second quarter this year. “Of them, 77.4 per cent of the targeted resources were located in China. The other major victims included South Korea and the US.