Hackers Used the IoT to Create an Unprecedented DDoS Attack—Now What?

We asked security expert Dan Lohrmann what a massive cyberattack on cybersecurity journalist Brian Krebs' website means for the wider Internet of Things industry.
By Mary Catherine O'Connor

Lohrmann: Absolutely. It is already happening. Forbes reported that tens of thousands of Internet of Things devices, including unsecure routers, digital video recorders (DVRs) and connected IP cameras, were involved in other significant DDoS attacks since the Krebs attack.

I certainly expect much more to come in this area.

IOT Journal: If you were a manufacturer of IoT devices, how would you respond to this attack? What should providers of IoT devices be doing that they're not?

Lohrmann: As noted in our last interview, manufacturers need to build security in from the start. At a basic level, IoT devices cannot ship with default credentials, and the access to web-based administrative interfaces needs to be secure.

In addition, the Cloud Security Alliance (CSA) has just released a guide to securing Internet of Things devices. The report has 13 recommendations. Some recommendations include the need for developers to implement a secure firmware and software update process from day one.

It suggests securing product interfaces with authentication, integrity protection and encryption, as well as obtaining an independent security assessment of the IoT products in production. Also, the wider network interfaces must be secure. The report recommends securing the companion mobile applications and/or gateways that connect with the IoT products, as well as implementing a secure root of trust [hardware and software components secure by design].
