Internet of Things is a catchall phrase for all the various internet-connected devices that are not traditional computers. This includes everything from fitness trackers and smart watches to smart refrigerators, headphones, cameras, washing machines, cars, traffic lights, airplane engines, and home security systems.
As access to broadband Internet service grows and processors become more affordable, more and more gadgets with Wi-Fi capabilities are being created. Today there are billions of IoT devices in existence.
This network of devices produces great benefits and convenience for users, but IoT devices can also be targeted by attackers as well as used to carry out cyber attacks. As with internet-connected computers, these devices are perfectly safe to use, but precautions should be taken to ensure they aren’t compromised.
A British technology researcher named Kevin Ashton coined the term ‘Internet of Things’ in 1999, but developers have been playing with the idea of internet-connected devices since the early 1980s. In fact, the first IoT device was a modified soda machine made in 1982 that transmitted data about its inventory and the temperature of the drinks inside. This was a one-off prototype, and the widespread proliferation of IoT devices didn’t start for another 25 years.
Two technologies helped pave the way for the mass manufacture of IoT devices: RFID tags and IPv6 IP addresses. RFID tags are small, lightweight electronic sensors that can transmit information without a power source, and they can be produced at very low cost. These tags can be as small as a grain of rice, and their use has been widely adopted in the industrial sector. RFID tags used in conjunction with IoT devices have been used to track inventory in a warehouse, parts on an assembly line, and even patients in a hospital. This practice has saved countless hours of labor. The industrial sector was also the first to use IoT-based security systems, incorporating devices like smart cameras and smart locks.
The introduction of IPv6 addresses meant that the dwindling number of IP addresses for internet devices was a problem of the past, and helped open the floodgates for the mass production of consumer IoT devices. The ‘smart home’ concept has also been a major driving factor in bringing IoT devices to the hands of consumers, creating a heavy demand for things like smart home security systems, cameras, televisions, speakers (e.g. Google Home), lighting, and thermostats.
The firmware in most IoT devices does not have the same level of protection as do the modern operating systems running on most computers and smartphones. In many cases these devices run on firmware that cannot be patched. As a result, IoT devices are often seen as easy targets by attackers.
A prime example of this is the Mirai botnet. Mirai is a malware suite that can take control of IoT devices for the purpose of creating a botnet to conduct DDoS attacks. Mirai works by scanning large portions of the Internet for IoT devices and then attempting to log into those devices using a series of username/password combinations that are the preconfigured defaults for several devices. Since many people never bother to change the login credentials on their devices, Mirai is able to build a large network of compromised devices, which it then infects with software used to overload a target server with malicious traffic.
Stopping Mirai and other IoT botnet attacks would require everyone who owns IoT devices to restart their devices and update their login credentials. Until then, there will remain the possibility of users having their devices compromised and used in DDoS attacks. In the meantime, a DDoS solution like Cloudflare’s DDoS protection is the best way to protect a web site or service from these sorts of attacks.
Learn more about IoT security.