The Distributed Denial of Service (DDoS) attack, which targeted DynDNS servers, and literally ‘broke the internet’ for several hours on October 21st, pushed an issue that has been plaguing security professionals since the dawn of the Internet of Things (IoT) into mainstream media.
Typically DDoS attacks occur when infected personal computers or workstations form what is known as a botnet and overwhelm a server with an excess of traffic or requests. In this particular case however, servers belonging to a popular Domain Name System (DNS) company were hit.
For some background, DNS functions like the internet’s iPhone contacts list. It translates domain names (your friends’ names), which are easy for humans to remember, into server IP addresses (their phone numbers) and allow networking devices (your phones) to communicate in order to ensure you end up at the appropriate destination. However, when DNS goes down, traffic loses its ability to travel to sites using this particular service.
The DynDNS attack was completely different, however. This time the botnet did not consist of just workstations, but IoT devices, as well; and it occurred on a colossal scale due to the sheer number of devices that make up the IoT. This means that our fancy smart thermostats, baby monitors, home automation systems, and light bulbs could have theoretically contributed to this attack.
Going forward, if we want to prevent something like this from happening in the future, we need to be collectively more diligent about hardening IoT devices. So how do we do that exactly?
Your smart devices live on your home network. Therefore, their security is completely dependent upon your network configurations. Check your networking devices’ manufacturer guidelines regarding admin panel control access. Typically this is achieved by simply typing 192.168.1.1 (or a similar IP) into your browser. These panels offer an easy-to-understand Graphical User Interface (GUI) for users. In addition, default login credentials can easily be located online (herein lies a part of the problem…).
Upon logging in, consider changing the device login credentials from the factory default. Ensure that your network is protected by Wi-Fi Protected Access II (WPA2) encryption and consider hiding your Service Set Identifier (SSID). This will prevent your network’s name from being visible to outsiders. Users will have to know it and manually type it and the password in to gain access.
Device firmware can also be updated from these panels. Ensure that your device is running the latest version. Firmware updates are important because unlike software, firmware controls essential functions of the device hardware due to how it is configured. If there is an automatic update option, select this for peace of mind.
In a similar fashion, IoT devices can also be updated from administrative panels. Check manufacturer guidelines for information on how to access these settings from your home network. Firmware and security updates should also be maintained on these devices.
Many IoT devices also come with apps to control them. Maintain similar diligence with mobile security in order to prevent unwanted tampering. Create a strong master password for access to your device; ensure all devices and applications are fully patched and updated; turn off Bluetooth capabilities when not in use; never allow other applications to have full access to your mobile device; avoid rooting your mobile devices; ensure these devices are fully encrypted and avoid leaving them unattended.
As the IoT grows, the threat of this type of attack will increase dramatically. Preventing the next IoT DDoS attack depends on all of us. So do your part to create a more robust home network and don’t be afraid to step up your security game!