Last Fall the Internet of Things (I0T) caused major headaches for millions of people. The Mirai virus attack on Dyn, a company that manages internet performance for many websites such as Twitter, Amazon, Spotify, and Netflix, sent these sites into a tail-spin. How did Mirai accomplish the feat? It hijacked your internet-connected TV, game station, nanny-camera, or any of thousands of other internet-connected devices that are in homes and businesses near and far, to build a monster-sized botnet, and threw it at Dyn.
So, what is a botnet? Basically, it is a program that makes your computer participate – unbeknownst to you -- in attacks on websites. Like a bad horror movie, instead of zombies crushing in on their victims, the computers are the zombies, attacking a website by flooding it with a barrage of requests to see pages; because the computer zombies are so numerous and fire off requests so fast, the website shuts down.
Today, with so many IoT devices, internet-connected devices can become part of the botnet too. But you can help avoid the IoT zombie apocalypse by changing the default password on your internet-connected things. Many people are unaware that their TV’s, nanny-cams, game stations, etc. have manufacturer-set default passwords. Companies also have internet-connected devices. Once a threat actor knows the default password for an IoT “thing,” they can make zombies out of all the devices whose owners didn’t change the default password.
Not all IoT devices are large enough to have the functionality for changing the default password . . . like a lightbulb. But thousands, even millions do have passwords. So, practice good IoT hygiene and change your default password. It will make you more secure, and help prevent another IoT botnet attack.
© 2017 Duke Law Office PLLC and CyberSmart Law. This blog is a copyrighted work of Duke Law Office PLLC and CyberSmart Law. No portion of it may be reproduced or distributed without the express written permission of Duke Law Office PLLC and CyberSmart Law. None of the information contained in this blog is intended to constitute, nor does it constitute, legal advice or a solicitation of any particular prospective client. For further information, please contact Emily E. Duke at eduke@DukeLawOffice.com.