Some federal legislators are finally realizing the danger of adding unsecured devices to a network.
In October of 2016, a massive DDoS attack was launched against Dyn, which affected a large number of websites including Twitter, SoundCloud, Spotify, and Reddit. The source of the attack was a botnet called “Mirai”, which was specifically designed to compromise Internet of Things (IoT) devices. You know, like your thermostat.
Designed to target the Internet of Things specifically, Mirai can scoop up connected devices and add them to a botnet simply by attempting to log into them with their factory-default username and password. Have you changed the password on your smart fridge lately? I thought not.
The Mirai code targets all kinds of smart devices, from cameras to internet-connected fridges, but its bread and butter is DVRs. Of the nearly 500,000 devices known to be compromised by the Mirai malware, some 80 percent of them are DVRs, according to an in-depth investigation by Level 3 Communications.
It seems that this caught the attention of our government. Senator Cory Gardner (R-Colorado), Chair of the Senate Cybersecurity Caucus, is one of a bipartisan group of senators who are sponsoring legislation to secure IoT devices, or at least those purchased by the government:
“The federal government orders billions of dollars worth of Internet of Things devices each and every year,” says Gardner. “These are things that can be hacked into. You can try to control systems, instruments with them. You can certainly read what people are doing and maybe even eavesdrop on a conversation people are having.”
As Chair of the Senate Cybersecurity Caucus, Gardner is sponsoring a bill that would require any internet-connected device purchased by the government to meet basic security standards.
“Things like firewalling off information, requiring patchable and securable devices, making sure that you don’t have a hardcoded password from a factory that someone can have access to.”
He says many of the devices are imported and have little to no security, making them highly vulnerable gateways into government systems that can be exploited by criminals and other countries.
It only took a year for our politicians to take notice of a massive hole in our national security. Now if they will only follow through.