Amidst all the hype surrounding the Internet of Things (IoT), it’s easy to forget that it is already present in countless business and consumer devices we use daily. You’ll find it in multifunction printers (MFPs), video-conferencing systems, phone systems, smart TVs, cars, even lifts. Do you own wearables? Smart watches and fitness monitors use it too. So do various ‘smart home’ technologies, from voice assistants to home heating that can be monitored remotely.
These devices can send and receive data from the internet, directly or via an intermediate controller. Right away, this raises important security implications. While it’s amazingly convenient to have a fridge that can automatically reorder milk and eggs before you run out, it’s easy to imagine an intelligent hacker using it to access your home security system and disable it.
When a large number of IoT devices are targeted in a concerted effort, the damage can be far more extensive. This was shown in 2016 when a piece of malware installed itself on thousands of internet-connected devices – including printers, baby monitors and IP cameras – and used them to perform a distributed denial-of-service (DDoS) attack on Dyn, a company that provides Domain Name System (DNS) lookup services. Because these devices were using default login credentials, the malware was easily able to break into and reconfigure them. As a result of the attack, access to many popular online services and websites was disrupted for several hours.
Oracle Dyn: IoT Threats - The Growing Unnatural Disaster, 2018
Oracle Dyn: Summary of DDoS Attack, 2016