Who Will Save Us When the Bots Take Control?

As the IoT grows, the vulnerability of its devices grows too, with larger DDoS attacks becoming increasingly likely. Luckily, there's a solution in place so these devices do not need to be recalled.

Written by Roger Ordman
15th June 2017

On October 21, 2016 the world was attacked by robots! I am not talking about Skynet and I don't expect the Terminator to come to our rescue. I am referring to the denial-of-service (DoS) attacks on Dyn performed by the Mirai botnet.

The attack targeted systems operated by Domain Name System (DNS) provider Dyn which made major Internet platforms and services such as Airbnb, Amazon.com, BBC, CNN, Electronic Arts, GitHub, Netflix, The New York Times, PayPal, Twitter, Verizon Communications, Visa, The Wall Street Journal and Xbox Live unavailable to large swathes of users in Europe and North America.

How was this accomplished? The distributed denial-of-service (DDoS) attack was accomplished through a large number of DNS lookup requests from tens of millions of IP addresses. These are believed to have been executed through a botnet consisting of a large number of Internet-connected devices — such as printers, IP cameras, residential gateways and even baby monitors — that had been infected with the Mirai malware. With an estimated load of 1.2 terabits per second, the attack is, according to experts, the largest DDoS on record.

Mirai scours the web for IoT devices protected by little more than factory-default usernames and passwords, and then enlists the devices in attacks that hurl junk traffic at an online target until it can no longer accommodate legitimate visitors or users.

It's possible to clean an IoT system infected by Mirai, but the botnet scans systems so often that there's a high chance of recurrence. You can destroy the malicious code by rebooting the device, but experts warn that vulnerable IoT devices can be re-infected in minutes. And this is bad news as Gartner Inc. projects connected devices to rise to 6.4 billion worldwide in 2016 with almost 5.5 million devices being connected daily.

Telecommunications company Level 3 advised users to upgrade devices and set strong passwords, according to the Wall Street Journal. But this is easier said than done. Even if the device has a configurable username and password changing it is not straight forward as the devices do not usually have neither a screen nor a keyboard and requires the device to be hooked up to a PC and then accessed. In some of the devices the username and password are hardcoded into the firmware requiring a software update to reset them.

And here we have it, without the use of an OTA Update solution all these devices will need to be recalled (Chinese electronic firm Hangzhou XiongMai said it will recall some of its IoT devices) or run the risk of continuing to be used as a host for any type of malicious botnet code. With an OTA Update solution in place the new code can be efficiently and securely delivered and installed to any device, anywhere in the world in a matter of hours.

Fixing cybersecurity vulnerabilities is not the only benefit that device manufacturers and service providers benefit from with an OTA Update system because an OTA system generates a real-time and updated database of all the connected devices and their software inventory. This knowledge is the basis for usage statistics, maintenance and feature upgrades keeping the devices safe and up-to-date throughout their life-cycle.

We will not be judged upon issues that occur with our devices but rather by our ability to address them… without having to depend on a Terminator coming back from the future to save us!