Consumer IoT security-What’s keeping Stanford professor Zakir Durumeric up at night? It’s the risk that your smart appliances, connected TV, Wi-Fi printer, and ISP-provided router are being co-opted by diabolical botnets seeking to stage their next global DDoS attack. Top researchers from Stanford University and Avast Software have taken a look at the growing risks posed by lax consumer IoT security and are presenting their findings at the USENIX Security Symposium in Silicon Valley, August 14-16.
The research team conducted antivirus scans of 83 million IoT devices across 16 million households worldwide and found the security posture of many common devices in the home to be alarmingly weak.
hese devices spanned a wide range of categories, including computers, routers, mobile devices (smartphones and tablets), fitness trackers, game consoles, home automation (Nest-like devices), external storage, surveillance cameras, work appliances (printers, scanners, etc.), voice assistants, connected cars, TV and media devices, smart appliances, and other connected devices (such as smart lightbulbs).
The study found that more than a third of homes across the globe contain at least one IoT device. Adoption is more pronounced in North America, where two-thirds of homes have at least one IoT device and a quarter of homes have three or more. Despite known risks, the proliferation of easily hackable IoT devices has only grown since the 2016 DDoS attack of the Mirai botnet.
In what is considered the largest botnet attack in history, on October 21, 2016 Mirai took down much of the internet, including Swedish government sites and popular ecommerce and media sites like Airbnb, Amazon, CNN, EA, GitHub, HBO, Netflix, PlayStation, Reddit, Shopify, Spotify, Twitter, Visa, and Walgreens. Most surprisingly, the malware was not masterminded by a terrorist group seeking to attack U.S. interests; it was created by a couple of teenagers at Rutgers University seeking to knock off a bunch of Minecraft servers to increase traffic to their own.