More than 30 years ago James Cameron’s Terminator showed us a future wherein unstoppable machines have taken over the world with ruthless efficiency. While they haven’t quite managed the terrifying robotic menace of Schwarzeneggar’s titular character, the machines managed to rise up and ruin the the internet for several days last week. Regardless of how you use the internet, you were more than likely affected by the massive outage caused by a distributed denial of service (DDOS) attack on domain name service (DNS) provider Dyn, which in turn disrupted access to numerous worldwide internet services like Twitter, Spotify and Sony’s video gaming service, as well as impacting thousands of other businesses who rely on Dyn’s infrastructure. Up until most recently, attacks like these were perpetrated by swarms of malware-controlled computers known as botnets. This time around, the massive DDOS attack was led by a vast swarm of internet-enabled security devices, mostly webcams, DVR’s and NVR’s. These devices are part of the growing “internet of things” (IoT) and the scale of the attack enabled by only a fraction of the IoT has many in the industry (including yours truly) very concerned.
What this means for you:
The rise of cheap, easy-to-install webcams and NVR’s have led to their proliferation throughout the business and residential world. The malware used in Friday’s attack was designed to target flawed firmware from a Chinese manufacturer that is used widely in this class of device – so widely that the firm has actually issued a recall of some devices sold in the US, wherein the majority of the attacks were focused. It’s unclear how many undiscovered or undisclosed devices are also impacted by this particular malware variant, or how many other dormant weaknesses lie in wait, either already discovered and held close, or just waiting for that next inquisitive hacker to discover and then exploit. Even now, after years of loopholes, exploits and quality control issues discovered in major brands (Galaxy Note 7 is only one recent example), manufacturers continue to race to the bottom in costs, often cutting corners that make their devices insecure and even dangerous. Mass manufacturing and distributed design enables companies to produce and sell tens of thousands of devices around the world, but it could also results in rapid, wide-spread distribution of sleeping terminators, just waiting to rise up against their owners at their master’s command.
Image courtesy of Geerati at FreeDigitalPhotos.net
[…] month ago we wrote about a wave of attacks powered by compromised security appliances – mostly Asian-manufactured network video recorders – that disabled popular internet […]