Skip to Content

The Internet of Things Goes Rogue

A huge online attack enabled by Internet-connected devices illuminates a problem keeping security experts awake at night.
September 30, 2016

When the website of security expert Brian Krebs recently went down, it wasn’t bad luck—it was the result of a huge surge of data: 620 gigabits per second. And now we know where it came from. It was an army of Internet-connected devices, being used as slaves to take down servers.

According to the Wall Street Journal, as many as one million security cameras, digital video recorders, and other connected devices have been employed by hackers to carry out a series of such attacks. When corralled together, these pieces of hardware can be used as a so-called botnet, collectively sending data and Web page requests to servers with such ferocity that they’re overwhelmed and ultimately crash.

It’s a powerful new way of putting an old idea into practice. Attackers have long installed malware on PCs to have them act as bots that they control, and more recently home routers and printers have been used to the same ends. But as Internet-connected devices proliferate in our homes and offices, the potential number of devices to draw upon is increasing dramatically.

The scale of the new set of attacks is unprecedented. According to the BBC, this recent spate has been able to barrage servers with data at rates of over a terabit per second. In addition to Krebs’s site, the targets have included the servers of French Web hosting provider OVH. The attacks may have been carried out by the same botnet.

The news raises fresh concerns about the security of Internet of things devices. Purpose-built to be controlled over the Internet, such devices have been billed as the future of sensing and control to businesses and domestic users alike—from connected video cameras and speakers to smart thermostats and lightbulbs. While initially slow to gain popularity, they are proliferating as they’ve become increasingly user-friendly.

But there’s a problem. Many such devices are purchased, installed, and then used without much further attention being paid to their configuration. That means that they may never be updated, leaving huge scope for their exploitation by hackers if they contain a security flaw. (They invariably do.) Who, after all, bothers to update a lightbulb?

Earlier this year, the National Security Agency’s hacking chief, Rob Joyce, sounded caution over these kinds of devices. Their security is “something that keeps me up at night,” he said at the time.

His concern is understandable. Back in 2013, security researcher HD Moore set about interrogating the entire Internet from a stack of computers at his home. He found thousands of industrial and business devices that were insecure and vulnerable to attack. By now, that number could be much higher.

While it’s unfortunate for Brian Krebs and OVH that their servers were taken down, no great harm has been done. But when industrial devices become a part of these attacks, there may be more to fear.

(Read more: BBC, Wall Street Journal, “NSA Hacking Chief: Internet of Things Security Keeps Me Up at Night,” “What Happened When One Man Pinged the Whole Internet,” “The Hackers’ New Weapons: Routers and Printers”)

Keep Reading

Most Popular

Scientists are finding signals of long covid in blood. They could lead to new treatments.

Faults in a certain part of the immune system might be at the root of some long covid cases, new research suggests.

Large language models can do jaw-dropping things. But nobody knows exactly why.

And that's a problem. Figuring it out is one of the biggest scientific puzzles of our time and a crucial step towards controlling more powerful future models.

OpenAI teases an amazing new generative video model called Sora

The firm is sharing Sora with a small group of safety testers but the rest of us will have to wait to learn more.

Google’s Gemini is now in everything. Here’s how you can try it out.

Gmail, Docs, and more will now come with Gemini baked in. But Europeans will have to wait before they can download the app.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.