Technology / Nearly 200 million IoT devices are ‘vulnerable to hacking’
Nearly 200 million IoT devices are ‘vulnerable to hacking’
1 November 2016 |
Nearly 200 million Internet of Things (IoT) devices could be vulnerable to hackers, according to new figures.
Research from cyber security firm BullGuard found that 4.6 per cent of connected devices are flawed - a much bigger problem than it sounds given the scale of the IoT.
Hackers can use insecure gadgets to launch distributed denial of service (DDoS) attacks like the one that brought down some of the world's biggest websites last month.
With around four billion connected devices in the world, this equates to around 185 million vulnerable devices that hackers could take advantage of.
And with experts predicting that 50 billion devices will connect to the IoT by 2020, the problem is only set to get bigger unless security improves.
"Even though the Internet of Things is in its relative infancy, this attack shows how just a small proportion of vulnerable devices can cause real concern," said Paul Lipman, CEO at BullGuard. "We’re fortunate that this incident was relatively benign, but it’s a timely reminder that security cannot be an afterthought in this emerging market.
"We would urge people to be vigilant and take the necessary steps to ensure that basic security measures are in place."
It is believed the attack on Dyn was launched using malware called Mirai, which used a botnet of huge numbers of infected devices to overwhelm the firm’s servers.
Although there was initial speculation that a nation state was behind the attack, cyber security experts said it was more likely the work of “script kiddies”.
A Chinese technology firm issued a recall on some of its products – including webcams – after researchers linked them to the attack, claiming they had easily guessable default passwords.
Cyber security experts have warned manufacturers of IoT-connected devices that security needs to be considered at the earliest stages of development.
“When you build a device, as an industry that threat modelling needs to happen at the start of the process, not the end,” Huawei’s European cyber security officer David Francis said at the FT Cyber Security Summit. “It needs to be built in, not bolted on.”