Nov. 15, 2016
Image (Networkworld) - Hacker
As governments advocate higher adoption of Internet of Things (IoT) and more homes incorporate smart devices, the risk of the next DDOS (distributed denial of service) cyber threat coming from bot-controlled smart devices is rising exponentially, warned a former ethical hacker in Malaysia.
This heralds a new trend among hackers, and is here to stay for another three to five years, said Fong Choong Fook, during an exclusive interview with Computerworld Malaysia.
Another change in hacking trends is that today hackers are rarely human, but bots instead - automated software that constantly scan the Web for system and network weaknesses.
"Once they have identified a weakness, the automated software will hack into a network and then only notify a human," Fong said.
"That's what happened a few weeks ago when one of the largest DDOS (distributed denial of service) attacks in the history of the Internet took place," he said. "The Mirai malware on October 21 has hacked into various IoT devices and took control of them, essentially turning these devices into robots."
"These devices, which included home appliances like smart TVs and closed-circuit TVs (CCTVs), then worked together to attack popular sites like Facebook, Gmail and Twitter," Fong added.
"These sites were all inundated with so much traffic that they went down. This is now the latest trend: DDOS attacks from IoT devices. DDOS itself is nothing new, but DDOS from IoT devices is very new and very real," he said.
Everyone can become an attacker
"Any device that has an IP (Internet Protocol) address - a smart TV, Playstation and even when a user's iPhone uses home WiFi - is vulnerable to hackers who will then use them to attack a target," said Fong.
"Imagine this replicated across thousands of homes and people, the scenario would be devastating in the extreme," he said. "On top of that, cars now have Internet connection and IP addresses, making them vulnerable to being hacked, shut down and even unlocked remotely."
"We foresee that with IoT and smart devices burgeoning through homes across the globe, eventually every one of us could be an attacker - without even knowing it," said Fong. "We could be helping malicious hackers bring down innocent people and disrupt whole companies.".
But while corporations can arm themselves via penetration testing, how can the others address this? "The first step would be to change the default passwords of smart devices," he said. "These default passwords are common and thus known to malware like Mirai, which will then hack into homes easily."
"Everyone is talking about IoT, governments are pushing it heavily, but they should not forget about security. If you don't secure your devices or change default passwords of your UniFi or CCTV service, you could be helping the bad guys unwittingly," Fong said.
"As DDOS attacks via IoT devices will continue to be the trend for the next few years, our job now is to help increase awareness among both companies and the public in securing all their Internet assets," he said, speaking of his role now as executive director and co-founder of a cybercrime and forensics firm LE Global Services (LGMS).