IoT devices threaten future Internet security
PayPal, Etsy, Twitter, GitHub, Reddit, Playstation Network, AirBnB and Netflix were all impacted on Friday by a Distributed Denial of Service (DDoS) attack on Dyn DNS. The biggest impact was in the US although some users in Europe were also affected.
DNS (Domain Name System) is the internet protocol which translates a web URL (like www.tamebay.com) to an IP address. Humans are good at remembering words but not so good at remembering strings of numbers. It’s the modern day equivalent of knowing someone’s name and looking up their number in the telephone directory – the internet relies on DNS services one of which is Dyn DNS.
Dyn were hit by a well planned and executed attack coming from tens of millions IP addresses at same time. What’s interesting about this attack is that it wasn’t limited to computers which had been infected by malware, but included so call IoT (Internet of Things) devices. Products like printers, webcams and even digital video recorders that have been infected by malware in previous weeks appear to have been used in the attack.
There are two main issues which need to be addressed. One is that DNS services are one of the weak points on the internet – take down a DNS service and not only does it affect users of that service but it also impacts other DNS services. The second issue is that whilst users are accustomed to updating their computers and laptops which generally patches the latest software vulnerabilities, the same can’t be said of connected devices – when was the last time you updated the software on your TV set top box?
Friday’s Dyn DNS attack is a portent of things to come. At one point hackers would try to compromise a computer, but if they’re going to be able to mobilise any internet connected device, most of which are largely insecure, then attacks of this nature will be more severe and likely become more common.