This warning is as true now as it’s ever been: Beware of cheap internet-connected gadgets.
Remember that massive DDoS attack that took down a major internet backbone, leaving a ton of popular sites inaccessible? It was powered by an army of easily hackable Internet of Things devices. Think about your internet-connected security camera, smart TV or internet-connected thermostat. A lot of these devices have hardwired default passwords, and their connection to the internet makes it easy for hackers using automated malware to find and compromise them. Well, it’s been a little more than a month since that attack happened, and these devices still have the same security flaw.
Here’s a cautionary tale from security researcher Rob Graham, whose internet-connected webcam was compromised just 98 seconds after he set it up. His tweetstorm, complete with screenshots of the network data, shows how the Mirai botnet — the same one that caused that massive DDoS attack — was able to take control of the security camera he’d just purchased off Amazon for $US55 ($75).
3/x: Within 5 minutes, it was compromised by the Mirai botnet/worm: pic.twitter.com/ZL3kLk5HI3
— Robert Graham 𝕏 (@ErrataRob) November 18, 2016
5/x: looks for ‘wget’ or ‘tftp’ in order to download binaries the easy way pic.twitter.com/iqKynmX41o
— Robert Graham 𝕏 (@ErrataRob) November 18, 2016
Here the malware is trying to download some of the malicious code needed to execute DDoS attacks.
8/x: Actually, it took 98 seconds for first infection pic.twitter.com/EDdOZaEs0V
— Robert Graham 𝕏 (@ErrataRob) November 18, 2016
After Graham’s webcam was compromised, it started seeking out new victims to add to its botnet army.
15/x: once it downloads that, it runs it and starts spewing out SYN packets at a high rate of speed, looking for new victims pic.twitter.com/aJAvC3HBbq
— Robert Graham 𝕏 (@ErrataRob) November 18, 2016
The sad thing is, for most users, there isn’t much you can do to prevent these kinds of attacks from happening. Cheap devices typically manufactured in China have hardwired default passwords, which are almost impossible for the user to change. In order to avoid this, you might want to seek out US or Australian-based products with better security.
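The scanning behaviour described above, where a compromised camera starts sending SYN packets at a high rate to find new victims, is visible from the network side. The following is an added example, not part of the original article or Graham's thread: it flags any source that sends bare SYNs to many distinct destinations inside a short window. The log format, addresses, port values and thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque

def parse(line):
    """Parse 'epoch_seconds src dst dport flags' (constructed format)."""
    ts, src, dst, dport, flags = line.split()
    return float(ts), src, dst, int(dport), flags

def find_scanners(lines, window=10.0, min_targets=20):
    """Return {src: peak distinct destinations contacted with bare SYNs
    inside any `window`-second span} for sources reaching min_targets."""
    recent = defaultdict(deque)      # src -> (ts, dst) pairs still in window
    peak = defaultdict(int)
    for line in lines:
        ts, src, dst, _dport, flags = parse(line)
        if flags != "S":             # count connection attempts, not replies
            continue
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:
            q.popleft()              # drop entries older than the window
        peak[src] = max(peak[src], len({d for _, d in q}))
    return {s: n for s, n in peak.items() if n >= min_targets}

def sample_log():
    """Constructed traffic: a camera at 192.168.1.50 sweeping addresses,
    and a laptop at 192.168.1.20 doing ordinary browsing."""
    lines = []
    # Camera: 40 SYNs to 40 different hosts in about 4 seconds.
    for i in range(40):
        lines.append(f"{100 + i * 0.1:.1f} 192.168.1.50 198.51.100.{i + 1} 23 S")
    # Laptop: 30 SYNs spread over 5 minutes to three hosts.
    for i in range(30):
        lines.append(f"{100 + i * 10:.1f} 192.168.1.20 203.0.113.{i % 3 + 1} 443 S")
    # A SYN-ACK reply to the laptop, which the detector must ignore.
    lines.append("101.0 203.0.113.1 192.168.1.20 51000 SA")
    lines.sort(key=lambda l: float(l.split()[0]))
    return lines

if __name__ == "__main__":
    for src, n in find_scanners(sample_log()).items():
        print(f"{src}: {n} distinct destinations within 10 s")
```

On a home network the same counting can be done on router or firewall connection logs; a camera or thermostat normally talks to a handful of destinations, so a sudden fan-out is a strong signal to unplug and reset the device.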