The vital question of security vulnerabilities connected to the Internet of Things (IoT) has been brought to the fore during the past few months.
The drama has been caused by the Mirai botnet. It is using IoT-connected devices to create distributed denial of service (DDoS) attacks, among other things, and played havoc with the internet during September and last month.
There is more news on the Mirai front. In fact, quite a bit of news. And one piece of it actually, in a qualified way, is good. The first bit is that the crackers attempted to use Mirai to disrupt both the Trump and Clinton campaign websites. Security firm Flashpoint reported that the sites were attacked between the evening of November 6 and the morning of November 7. The firm characterized the four attacks, which were at Layer 7 of the hypertext transport layer protocol (HTTP), as “unsophisticated.”
The qualified good news, hinted at by Flashpoint and more fully explained at Computerworld, is that the power of Mirai is being somewhat diluted because its source code was released. This has led to sort of a bad guy free-for-all among those seeking to use it. The story says that Mirai works across surveillance cameras, baby monitors and similar devices. At least at this early point in the distribution of IoT-related devices, users of Mirai are in essence competing for the relatively few devices of this type that are IoT-connected.
That news is qualified simply because there will come a time when there are many more candidate devices to infect. If the industry does not do its job of better protecting equipment as it proliferates, Mirai will again become a serious threat.
Mirai also was credited with taking a whole country offline. The qualifier is that the country, Liberia, has very weak connectivity. In any case, the story appears to be inaccurate. Indeed, the questions about its veracity were raised by Brian Krebs, who should know: He is an internet security expert and one of Mirai’s earlier targets.
Mirai is a threat that may or may not be fading. The big picture, however, is that the idea of assaulting the internet with DDoS attacks launched at IoT-connected devices is a potent one. Hopefully, manufacturers are listening.
Carl Weinschenk covers telecom for IT Business Edge. He writes about wireless technology, disaster recovery/business continuity, cellular services, the Internet of Things, machine-to-machine communications and other emerging technologies and platforms. He also covers net neutrality and related regulatory issues. Weinschenk has written about the phone companies, cable operators and related companies for decades and is senior editor of Broadband Technology Report. He can be reached at [email protected] and via twitter at @DailyMusicBrk.