Homeland security looks at Internet of Things

fudzilla.com ^ | 25 October 2016 | Nick Farrell

[Ernest_at_the_Beach]

The lightbulbs are revolting

The Obama administration has ordered Homeland Security to come up with a cunning plan to make the Internet of Things devices more secure after a huge DoS attack on major websites.

Twitter, Spotify, Netflix and dozens of other major websites were taken down by botnets built from compromised Internet of Things devices.

Homeland Security said it had held a conference call with 18 major communication service providers shortly after the attack began and was working to develop a new set of “strategic principles” for securing internet-connected devices.

DHS said its National Cybersecurity and Communications Integration Centre was working with companies, law enforcement and researchers to cope with attacks made possible by the rapidly expanding number of smart gadgets that make up the Internet of Things.

Already two manufacturers whose devices had been hijacked for the attack pledged Monday to try to fix them. Chinese firm Hangzhou Xiongmai Technology, which makes components for surveillance cameras, said it would recall some products from the United States. Dahua Technology, acknowledged that some of its older cameras and video recorders were vulnerable to attacks when users had not changed the default passwords. Like Xiongmai, it said it would offer firmware updates on its website to fix the problem and would give discounts to customers who wanted to exchange their gear.

But the fear is that the majority of IoT devices are never going to be fixed because it would cost manufactures too much.

Basically they have to be issued with better passwords, mechanisms for updates and some onboard security. This is somewhat a lot to ask of a lightbulb.

What is possible is that the manufacturers could agree on some unified software and insist on better standards.

[Ernest_at_the_Beach]

fyi

[Gaffer]

Homeland Security couldn’t find their ass with both hands.

[Little Pig]

A day late and a dollar short, in several respects. Not only have we already suffered an IoT-related DDoS, but the security community has been warning for several years now that most IoT devices are horrifically unsecure, and risks on several fronts.

To paraphrase Ian Malcom: The IoT developers “...were so preoccupied with whether or not they could, they didn’t stop to think if they should.”

[ImJustAnotherOkie]

Well, they did and shouldn’t have.

[Mr. K]

The solution is simple

Ban all conservative sites.

For ‘security’ of the internet.

All better now, see?

[sten]

I thought the latest ddos attack originated at an air force base in KY.

Was the point to give a reason for this move?

[ImJustAnotherOkie]

How much will they spend to determine thsy un plugging them will fix it. Reminds me of a joke I heard about the USA, Russian and Polish scientists trying to fugure out why the head was bigger than the shaft.

[CJ Wolf]

Got a link?

[Krosan]

Is there any more official source on it? I am browsing on phone right now and can’t search well.

[Buckeye McFrog]

Yessir, we'll get right on that...

[justlurking]

Want to know if you have a vulnerable device?

Internet of Things Scanner

The first step is to see if your IP is listed on Shodan: a search engine like Google that looks for Internet-connected devices like webcams.

After that first step, you can also request a "deep scan" of your IP to determine if you have a vulnerable device.

[Buckeye McFrog]

Five or six years ago the full-court press was on to force us to all accept a smart meter.

Notice how that has fallen very silent?

[goodnesswins]

What “things” are they talking about? Washers?...dryers?...furnaces?...cameras?...A/C? Lights? I know we have smart phones but sheesh.

[goodnesswins]

I just read they are talking about “smart gadgets”...things we avoid as much as possible.

[Buckeye McFrog]

I always said I was perfectly happy living in the 80’s.

If this keeps up I may just take my home back there.

[Buckeye McFrog]

What “things” are they talking about? Washers?...dryers?...furnaces?...cameras?...A/C?

All of the above. And currently available on the high-end product.

[bigbob]

Linux computers with WiFi are under $10.

[bigbob]

Linux computers with WiFi are under $10.

[goodnesswins]

Ha...we’ve avoided taking our 9 yr old home forward...still manually raise and lower heat, etc...but we were forced onto “smart meters” here. I do turn off router at night...my little rebellion, ha.