IOT default insecurity = Internet infrastructure danger

Krebonsecurity editor Brian Krebs now posts showing the source code for the botnet that forced Akamai/Prolexic to boot him off their network.  What is amazing is that while Prolexic was struggling to handle nearly 700 megabits there was another even larger DDOS going on aimed at the European hosting provider OVH.  OVH was taken down by a 1 TERABIT per second..that’s 1 TRILLION bits of data PER SECOND.  That kind of math is hard to comprehend.

I have been against the IOT “revolution” since the beginning at least in it’s default, out of the box configuration.  IOT is billed as convenient,  it is but it is a huge security problem.  Many folks buy home WiFi thermostats or worse yet security cameras that want you to expose port 80 directly to the internet.  Also if your router is more than a couple of years old it most likely is a takeover target as well further adding to the mess.

With home connections now averaging 6 million bits per second(known as megabits) outgoing, one insecure IOT device has an enormous amount of bandwidth available to be aimed somewhere else.  Considering many homes and businesses have more than 5 IOT devices the potential for mischief is expanded exponentially.  To give you an idea,  the IOT powered DDOS that took down OVH was powered by 145607 devices totaling over 1 terabit per second.  Doing the math this averages out to the equivalent of about 6 million cable modem equipped houses aiming their devices at one point.  In reality the available bandwidth to each attacking device was anywhere between the low range of 1 megabit per second outgoing to 30 megabits per second outgoing per device.  These were almost exclusively hacked security cameras and DVR devices.

In my case I DO have some IOT in my house BUT I have it properly secured with a proper networking setup.  First of all you MUST have a separate network for your IOT stuff.  IOT is tv’s, cameras, tablets, thermostats, security systems, cellular phones, satellite receivers, and anything else that is not attached to your computer.  You also cannot directly expose anything IOT related to the Internet.  There must be a full firewall in front of your IOT devices.  This is going to disappoint many folks who have camera systems that allow them to see their homes from the Internet.  The problem is many of them are easily hackable and therefore not only can you see what is going on in and around your home or business but so can the entire Internet.  For once the cloud is useful here as long as you understand its default security problems as well.

If you want to properly setup your IOT contact ETC Maryland for the best advice on IOT setup.