This warning is as true now as it’s ever been: beware of cheap internet-connected gadgets.
Remember that massive DDoS attack that took down a major Internet backbone, leaving tons of popular sites inaccessible? It was powered by an army of easily hackable Internet of Things devices. Think about your internet-connected security camera, smart TV, or internet-connected thermostat. A lot of these devices have hardwired default passwords, and their connection to the internet makes it easy for hackers using automated malware to find and compromise them. Well, it’s been a little more than a month since that attack happened, and these devices still have the same security flaw.
Here’s a cautionary tale from security researcher Rob Graham, whose internet-connected webcam was compromised just 98 seconds after he set it up. His tweetstorm, complete with screenshots of the network data, shows how the Mirai botnet—the same one that caused that massive DDoS attack—was able to take control of the security camera he’d just purchased off Amazon for $55.
Here the malware is trying to download some of the malicious code needed to execute DDoS attacks.
After Graham’s webcam was compromised, it started seeking out new victims to add to its botnet army.
The sad thing is, for most users, there isn’t much you can do to prevent these kinds of attacks from happening. Cheap devices typically manufactured in China have hardwired default passwords, which are almost impossible for the user to change. In order to avoid this, you might want to seek out US-based products with better security.