Get started Bring yourself up to speed with our introductory content.

Takeaways from October's IoT DDoS attack

Last month, there was a massive DDoS attack that was made possible by hacking into unsecured IoT devices, mainly home surveillance cameras. This left some homeowners questioning whether they’re better off with “dumb homes” instead of taking the risk that their smart gadgets and devices could be used again in another attack.

The truth of the matter is that the attack was the result of a vulnerability on cheap cameras and other IoT devices. These specific types of devices are easily hackable because they are designed to be accessed over a local network and they come with unsecured, hard-coded default passwords. Unfortunately, many people own these types of devices, which led this cyberattack having such a wide reach. What many people don’t know is that there is a big differentiation between these types of devices — which leave themselves open to the network — versus those that connect to the network using a secure cloud.

This then bares the question of who should be held responsible, companies creating these inherently unsecure products or the consumers purchasing them who don’t take the extra measures to secure them? In my opinion, the responsibility lies with the IoT companies, which need to do a better job at educating consumers on the difference between secure and unsecure connectivity of smart home products. In looking at the IoT DDoS that occurred in October, one of the biggest holes that enabled the IoT DDoS attack was this exact point — unsecure networks.

The problem here is that most consumers don’t know how to secure networks and unknowingly expose themselves to such vulnerabilities. It seems like some IoT companies are operating under the assumption that consumers are technologically savvy enough to know how to do this, but the truth of the matter is that consumers are very uneducated on smart home security measures. Supplying a consumer with an unsecure network infrastructure is begging for a cyberattack to happen.

The implication of this assumption is what we experienced on October 21 — attackers taking control of a device to attack other devices on the network, serving as a gateway to then attack the entire infrastructure. While it isn’t vital for consumers to understand the specific ins and outs of smart home security or this hack, it serves as a good case study to exemplify some of the biggest concerns for consumers and organizations focused on IoT and smart home technologies.

As more of these attacks happen, consumers are going to get smarter and look for products that use a secure cloud and encrypted connections. They’ll also become more aware of the implications of using these different types of products on the individual level. As soon as a consumer realizes that using an unsecure security camera puts their laptop or smart phone at risk, the personal motivation to learn more about and only utilize secure devices becomes stronger.

On the other hand, smart home companies that want to stick around will need to change their back-end architecture and overarching technology to follow stricter security protocols to protect consumers and the internet at large. What’s more, they’re going to need to be more involved in educating their consumers on security. This is a change that has even more urgency as IoT products enable more smart devices to become connected. Eventually, this type of security vulnerability could have much bigger implications, impacting not only a few devices, but our cars and homes.

All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.