By Alan Jackson, CISSP
A recent attack within the “Internet of Things” (IOT) made me think about a commonality between me and Bill Gates. When Bill Gates built his house more than 25 years ago, he incorporated very sophisticated technologies into each room. Visitors to his house were encoded into a computer system and the system automatically adjusted the lights, temperature, and music in each room to the tastes of the occupants. This technology was way ahead of its time, but over the years home management networks have become more and more common. In fact, I have many devices in my house that are directly connected to my home network. These devices allow me to remotely adjust the temperature, check to see if the lights are off, stream stored videos, and keep track of my grocery needs. These devices are part of the IOT and they include network-connected thermostats, nanny-cams, and smart refrigerators. The IOT also includes industrial controls systems, smart cars, copiers, fax machines, and manufacturing robotic systems. All of these devices have tiny computers in them and a malicious person could take over the computer. Some of you may be thinking, “C’mon Alan, be serious. You have watched The Terminator and The Matrix too many times.” Well it has happened.
On Friday, October 21, 2016, a massive attack was launched from the IOT. During this incident, a large number of small internet-connected devices were told to attack the Internet simultaneously. This attack succeeded and some of the largest companies on the Internet were crippled for hours. This attack did not surprise cyber security experts. In fact, these experts have been warning about the IOT for years. The problem with the IOT is that “smart” devices are designed to be convenient. As a result, individuals quickly install them, leave unnecessary feature enabled, and fail to change the default usernames and passwords. This makes it easy for attackers to take control of these devices.
So what can YOU do about it? Whether you are a home user, or a business, the first thing that you should do is to secure your wireless network. Ensure that you are using WPA2 encryption and that your wireless network requires a complex password. Next, inventory everything connected to your network. Pay special attention to printers, fax machines, copiers, and anything else you can access from a computer. If you don’t know what is connected, you will be unable to secure it. Third, ensure that all of your network-connected devices are up-to-date. For example, your network connected copier has software installed on it. Make sure that you are running the most current version of the software. Finally, log into your network connected devices, change the default usernames and passwords, and remove unnecessary services. There are many other security precautions that you can implement, but if you follow the four steps listed above you will make it much harder for SkyNet to take over and release Terminators all over the world.