When considering the culprit of a cyber attack, blame rarely falls on anything other than a computer. Yet, in an age where more devices are connected to the Internet, even devices such as a laundromat security camera are vulnerable to malware. Such was the case of a Digital ID View video recorder that two security firms determined was hosting Mirai, a virus that infected 600,000 devices over the last year. Inexpensive hardware is especially vulnerable to malware since it often comes with minimal security protocols that can be exploited in as quickly as nine seconds.
Additionally, detecting a breach is difficult due to the fact that the device is never the end target of the attack. Mirai had turned the device into a bot, meaning that it had become an electronic zombie that otherwise functions normally but can be controlled by an outside party. Hackers need to build a network of these bots called a botnet in order to conduct Direct Denial of Service (DDOS) attacks, which use the computing power of all the devices in a botnet to overload a targeted website with traffic and force it offline for a period of time. Large botnets can take down big targets through DDOS, such as the attack on Internet address services provider Dynamic Network Systems Inc. that shut down Amazon, PayPal, and Twitter for several hours last October. Thus, vulnerable, inexpensive devices can leave critical parts of the Internet open to attack.
Enforcing security protocols for these devices can be difficult due to legal disputes and cause users to forfeit control of their devices. The U.S. Federal Trade Commission has sued hardware maker D-Link Systems for falsely advertising their level of security, the beginning of what will likely be a lengthy battle in court. In the private sector, broadband providers such as Comcast put pressure on router manufacturers to strengthen security and routinely patch software but are weary of protracted legal battles with them. Routers also contain vulnerabilities that could allow hackers to exploit customers’ entire home networks, Consumers, meanwhile, are often unaware of any breaches since DDOS malware does not affect them directly.
As more Internet-enabled devices come online as the Internet of Things expands, the list of commonplace devices that could become the tools of creative hackers grows unless they are protected with quality security protocols. The responsibility falls on these hardware makers and enforcement agencies to protect not only their customers but the Internet as a whole.
Read more at The Wall Street Journal.