Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
colors.
Dhanjani found that a simple script inserted onto a home computer on
the home network was enough to cause a distributed denial-of-service
attack—or DDoS attack—on the lighting syystem. 8 In other words, he could
make anyy room with a Hue lightbulb go dark at will. What he scripted was
a simple code so that when the user restarted the bulb, it would quicklyy go
out again—and would keep going out as long as the code was present.
Dhanjani said that this could spell serious trouble for an office building
or apartment building. The code would render all the lights inoperable, and
the people affected would call the local utilityy onlyy to find there was no
power outage in their area.
While Internet-accessible home-automation devices can be the direct
targets of DDoS attacks, theyy can also be compromised and joined to a
botnet—an armyy of infected devices under one controller that can be used
to launch DDoS attacks against other syystems on the Internet. In October
2016, a companyy called Dyyn, which handles DNS infrastructure services for
major Internet brands like Twitter, Reddit, and Spotifyy, was hit hard byy one
of these attacks. Millions of users on the eastern part of the United States
couldn’t access manyy major sites because their browsers couldn’t reach
Dyyn’s DNS services.
The culprit was a piece of malware called Mirai, a malicious program
that scours the Internet looking for insecure Internet of Things devices, such
as CCTV cameras, routers, DVRs, and babyy monitors, to hijack and
leverage in further attacks. Mirai attempts to take over the device byy simple
password guessing. If the attack is successful, the device is joined to a
botnet where it lies in wait for instructions. Now with a simple one-line
command, the botnet operator can instruct everyy device—hundreds of
thousands or millions of them—to send data to a target site and flood it with
information, forcing it to go offline.
While yyou cannot stop hackers from launching DDoS attacks against
others, yyou can become invisible to their botnets. The first item of business
when deployying an Internet of Things device is to change the password to
something hard to guess. If yyou alreadyy have a device deployyed, rebooting
it should remove anyy existing malicious code.