Update 10/28: Senator Mark Warner (D. Virginia) has said that he is considering legislating a security rating system for “Internet of Things” devices. “Whether it’s a state or a bunch of teenage hackers, it does reveal a new level of vulnerability,” he said. If the industry can’t keep tabs on itself because of cheap Chinese products flooding the market, this sounds like a necessary step to keep us from more DDoS attacks and Netflix/Amazon outages.
Krebs on Security has a great write-up of yesterday’s events that took down many major sites including Twitter, Reddit, Spotify, Netflix and parts of Amazon.
It’s really interesting that our “internet of things” devices are starting to be used in hacks. These were mostly security cameras for companies that want to be able to check in from the web, but you can imagine in a few years what could happen with your smart TV, washer, toaster, and that new refrigerator that tweets when you’re running low on milk. These companies really need to get their security under control, and more importantly, people need to know that buying cheap Chinese knock-offs might bring along some security flaws.
Being able to log in with a hard-coded admin password via Telnet and SSH is inexcusable. If you have an internet-accessible device on your network, it’s important to put network-level security in front of it: require people to log in to access your network at all, before they can reach your less secure camera system. Oh, and if you use a VPN, at least your traffic can’t be snooped on when you access your ‘things’.