Recent Attack Demonstrates IoT Risks in Household Items

By Amanda Katzenstein

On October 21, 2016, hackers carried out a massive Denial of Service cyberattack that rendered some of the most popular websites in the country inaccessible to much of the East Coast.  Unlike past DoS attacks, this latest attack was undertaken by infecting millions of internet-connected devices with malware, causing new concerns about the ever-growing Internet of Things.

For the uninitiated, the Internet of Things (IoT) refers to the system of interrelated devices and machines that have the ability to transfer data over a network without requiring human interaction.  In this case, hackers infiltrated devices such as DVRs and webcams, demonstrating that common household equipment can be used for malicious purposes. Hackers then used the infected devices to flood domain name service provider Dyn with traffic from tens of millions of IoT IP addresses, blocking access to websites such as Netflix, Amazon, the New York Times and Twitter. The first wave of the attack lasted approximately two hours.

The next IoT hack could feature even more basic devices.  Researchers from Israel’s Weizmann Institute of Science and Dalhousie University in Canada have shown that internet connected lightbulbs could be the next hack. The researchers were able to exploit a flaw in ZigBee, a wireless protocol, to allow them to control the lights.
 
Further, as Election Day in the United States approaches, many are worried that last-minute hacking pertaining to either polls or information might affect an election already riddled with email and video scandals. According to an article by David E. Sanger of the New York Times, the biggest fear is that an internet disruption will make it hard to get to the polls.
 
While it is impossible to predict where the next attack may occur, it is clear that IoT is becoming increasingly vulnerable, and not just for consumer products.  Companies utilizing various types of automation technology for facilities control, logistics, and manufacturing may be at an increased risk.  If you have any questions pertaining to the Internet of Things or other data security issues, please feel free to contact a member of Polsinelli’s Privacy and Data Security Group including Amanda Katzenstein at akatzenstein@polsinelli.com.