Earlier this month, we warned our readers about an emerging threat: so-called "Internet of Things" (IoT) smart appliances being used as the perfect distributed-denial-of-service (DDoS) attack vector. IoT appliances comprise a plethora of everyday smart gadgets, such as security cameras/webcams, thermostats, printers, kitchen tools and DVRs, that have been given a Jetsons-esque upgrade with networking abilities and web connectivity.
Now, it looks like these kinds of unprecedented attacks using armies of smart appliances are starting to take hold, serving as a grim reminder that the internet is indeed a fragile place.
Last Friday morning, a massive DDoS cyber attack was launched against the internet infrastructure company Dyn. This attack was mainly aimed at Dyn's Domain Name System (DNS) services on the East Coast and it prevented major websites like Twitter, Spotify, Amazon, Netflix, CNN and PayPal from being accessed by millions of users.
A DDoS attack occurs when a targeted website or web server is flooded with an overwhelming number of requests from millions of internet-connected machines in order to bring it down or prevent legitimate requests to the website from getting through.
The first attack started around 7:10 a.m. EST but the DNS issue was resolved by Dyn about two hours later at 10:22 a.m. EST. All of the affected websites and services appeared to be back to normal at that time. However, a second, more globalized DDoS attack was detected at about 1:01 p.m. ET and disrupted Dyn's DNS services again. A third attack was likewise detected later that day. The company mitigated these issues that day and, together with the FBI, is currently investigating the attacks.
Although no one is certain about the perpetrators of the attack, Dyn has identified "tens of millions" of unique IP addresses comprising the huge "botnet" that flooded Dyn's servers with traffic. Most of these addresses are again reportedly traced back to compromised IoT appliances infected with the Mirai botnet malware, whose source code was recently made public. These appliances include hacked DVRs and CCTV cameras/webcams, a majority of which were found to be manufactured by Chinese company XiongMai.
If the brand does not sound familiar, well, it's not exactly a household name. XiongMai doesn't really sell appliances under its own brand but supplies hundreds of other manufacturers with webcam and DVR components.
With the company's imprint on millions of devices, it is now being accused of having lax and error-laden security protocols in its products, such as users being unable to change the password for the webcams' and DVRs' alternate communication protocols, SSH and Telnet. This means that even though users can secure the administrator web interface by changing the default password, doing so will not secure these other protocols, leaving them ripe for a Mirai attack.
In response to these accusations, XiongMai announced that it is recalling a majority of its products sold in the U.S. The company stated in its official blog that it's issuing a recall to strengthen password functions and is sending a patch for appliances sold before April of last year. This recall covers all of XiongMai's webcam models.
Despite the recall, XiongMai is denying the allegations that its products' weak security was a major component of last Friday's attacks, and the company is threatening to pursue legal action against its accusers. It said that the main issue was simply users not changing the default administrator password and that its products are well secured against cyberattacks.
But still, this major recall is an alarming symptom of a major issue with these connected Internet of Things appliances: security is still an afterthought.
Protect your appliances
Since these IoT appliance infections reside only in temporary memory, the first thing you have to do is reboot the device to clear out the malware.
If you are checking your router, IP webcam or connected printer, it is important that you change the default administrator username and password. Do this by accessing the appliance's hub (usually through a web page or a smartphone app). If your smart appliance connects via the manufacturer's website, make sure your password is complex and unique.
Next, check for firmware updates. Now, with these attacks out in the open, manufacturers will start issuing security patches to prevent such infections. It's important to keep your firmware always up to date. If your gadget does not automatically fetch firmware updates, make sure to manually check at least every three months.
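To confirm whether a device on your own network still exposes the Telnet or SSH services described above, even after the web password has been changed, here is a small check added as an example (it is not part of the original article). The port numbers are the standard defaults and are an assumption about the device, and the addresses are constructed placeholders.

```python
import socket

# Remote-login services the article says stay exposed even after the web
# password is changed. Port numbers are the standard assignments (assumption:
# the device uses them; some firmware may listen elsewhere).
REMOTE_LOGIN_PORTS = {"telnet": 23, "ssh": 22}


def probe(host, port, timeout=2.0):
    """Return (is_open, banner); banner is the first bytes the service sends."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.settimeout(timeout)
            try:
                banner = conn.recv(64)
            except OSError:
                banner = b""  # port is open, but the service sent nothing yet
            return True, banner
    except OSError:
        return False, b""  # refused, filtered or unreachable


def audit_device(host, ports=REMOTE_LOGIN_PORTS, timeout=2.0):
    """Check one of your own devices and return {service: finding}."""
    findings = {}
    for service, port in ports.items():
        is_open, banner = probe(host, port, timeout)
        if not is_open:
            findings[service] = "closed"
        elif service == "telnet":
            # Telnet is cleartext and, per the article, its password may not
            # be changeable, so any listener counts as exposed.
            findings[service] = "EXPOSED"
        else:
            text = banner.decode("ascii", "replace").strip()
            findings[service] = "open: " + text
    return findings


if __name__ == "__main__":
    # Constructed example addresses (RFC 1918); replace with your own devices.
    for device in ["192.168.1.20", "192.168.1.21"]:
        print(device, audit_device(device))
```

A device that reports Telnet as EXPOSED should be kept behind the router's firewall, with no port forwarding to it, until the manufacturer's patch is installed.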