Why Aren't IoT Manufacturers Doing More to Prevent Botnet Attacks?

Malicious hackers seeking out unsecured devices to add to their botnet armies is not new, but the Internet of Things (IoT) revolution is making their jobs all too easy.

According to Cisco estimates, there are 15 billion IoT devices on the market today; IDC and Intel project over 200 billion such devices by 2020. Only a portion of this consumer market consists of high-end devices – such as major household appliances like smart refrigerators – that feature respectable, built-in security measures (and offer the potential for upgrades). The vast majority of IoT devices are low-end smart light bulbs, thermostats and other items with little or no existing security – nor a user interface that allows their security to be managed effectively.

The threat from botnets populated by unsecured, compromised IoT devices is real, growing, and should not be ignored. In October 2016, such a botnet conducted a distributed denial of service (DDoS) attack on the DNS provider Dyn, which, at least to date, is considered one of the largest sustained attacks of this kind in history. The attack, which may have involved the IP addresses of 10 million different IoT connected devices, caused major sites such as Twitter, Netflix, Reddit, CNN, Amazon and Spotify to instantly go offline. A subsequent strike by the same botnet also partially succeeded in interrupting Internet access for the entire country of Liberia. While each of these attacks delivered only 500 Gbps of data sustained for several minutes, I believe future DDoS attacks utilizing IoT-based botnets could soon top 10 Tbps – large enough to disrupt access to any targeted site or country.

So, if the threat is this well known, why aren’t IoT device manufacturers acting to make the products they sell more secure? The reality is that they have no direct incentive to do so. The pressures of the IoT market decisively favor products with a quick time-to-market and eye-catching user features. Device security hardly ranks in the minds of consumers – if unsecure IoT devices perform as advertised, there’s no reason for their buyers to complain. Most consumers have little to no awareness of the existence of botnets or DDoS attacks, or of the harm their devices are capable of doing. IoT device manufacturers remain glad to fulfill the market’s demand, providing products as quickly and cheaply as possible.

This ecosystem won’t last forever, though. Sooner or later, the websites and hosting services most affected by these IoT-based botnets will seek to disrupt the status quo. In one scenario, I foresee those sites and hosts will begin to pressure the Internet Service Providers (ISPs) that provide the bandwidth that IoT devices use as firepower for DDoS attacks. If successful, those ISPs would then be financially incentivized to address the issue of unsecured IoT devices that access the Internet across their broadband connections. Of the different avenues the ISPs may take to accomplish this, expect the ultimate responsibility to be with the end user. One possibility: ISPs may implement a system of “metered broadband,” giving consumers the bill when their devices use outsized amounts of bandwidth, as happens when they are part of a botnet attack. Alternatively, ISPs might warn customers when their devices are part of attacks – or even if their devices are unsecure and prone to risk – followed by blocking traffic to those devices if action isn’t taken.

I believe placing the responsibility for IoT device security on end users would spur a rapid shift in consumer demand and purchasing behaviors, especially when ISPs begin rendering at-risk devices non-functional. Manufacturers will then have the incentive they need to include proper device security in their IoT products. And then, perhaps, the Internet will have one less danger to worry about.

Jeff Finn is CEO at zvelo, a provider of content and device categorization, as well as malicious botnet detection services.




Edited by Ken Briodagh