The Internet of Things (IoT) holds a great deal of promise to make everyday devices much easier to use, control, program, and access remotely. From “smart” home thermostats and refrigerators to lights and automobiles, there’s remarkable potential to make our lives easier — but there’s also untold risk that these devices can bring to our day to day lives. Since so many IoT devices are (by their nature) connected to the internet, if they’re not properly secured, they can be easily hijacked by attackers.
The risk of IoT devices being used in attacks may have seemed like a remote possibility until this year, when two massive internet outages brought down major websites and web services for hours at a time. These outages were caused by attacks that used malware called “Mirai,” which scanned the internet for vulnerable IoT devices. When found, the malware would take control of them to attack a target — making IoT devices soldiers in their own malicious army.
Often the vulnerability in these devices was nothing complex at all: Quite simply, these IoT devices were still using their default passwords. By some estimates, IoT devices still using their default passwords number nearly half a million at Read more