Menu

IoT FEATURE NEWS

Why Aren't IoT Manufacturers Doing More to Prevent Botnet Attacks?

By

Malicious hackers seeking out unsecured devices to add to their botnet armies is not new, but the Internet of Things (IoT) revolution is making their jobs all too easy.

According to Cisco estimates, there are 15 billion IoT devices on the market today; IDC and Intel project over 200 billion such devices by 2020.  Only a portion of this consumer market consists of high end devices – such as major household appliances like smart refrigerators – that feature respectable, built-in security measures (and offer the potential for upgrades). The vast majority of IoT devices are low-end smart light bulbs, thermostats and other items with little or no existing security – nor a user interface that allow their security to be managed effectively.

The threat from botnets populated by unsecured, compromised IoT devices is real, growing, and should not be ignored. In October 2016, such a botnet conducted a distributed denial of service (DDoS) attack on the DNS provider Dyn, which, at least to date, is considered one of the largest sustained attacks of this kind in history. The attack, which may have involved the IP addresses of 10 million different IoT connected devices, caused major sites such as Twitter, Netflix, Reddit, CNN, Amazon and Spotify to instantly go offline. A subsequent strike by the same botnet also partially succeeded in interrupting Internet access for the entire country of Liberia. While each of these attacks delivered only 500 Gbps of data sustained for several minutes, I believe future DDoS attacks utilizing IoT-based botnets could soon top 10 Tbps – large enough to disrupt access to any targeted site or country.

So, if the threat is this well known, why aren’t IoT device manufacturers acting to make the products they sell more secure? The reality is that they have no direct incentive to do so. The pressures of the IoT market decisively favor products with a quick time-to-market and eye-catching user features. Device security hardly ranks in the minds of consumers – if unsecure IoT devices perform as advertised, there’s no reason for their buyers to complain. Most consumers have little to no awareness of the existence of botnets or DDoS attacks, or of the harm their devices are capable of doing. IoT device manufacturers remain glad to fulfill the market’s demand, providing products as quickly and cheaply as possible.

This ecosystem won’t last forever, though. Sooner or later, the websites and hosting services most affected by these IoT-based botnets will seek to disrupt the status quo. In one scenario, I foresee those sites and hosts will begin to pressure the Internet Service Providers (ISPs) that provide the bandwidth that IoT devices use as firepower for DDoS attacks. If successful, those ISPs would then be financially incentivized to address the issue of unsecured IoT devices that access the Internet across their broadband connections. Of the different avenues the ISPs may take to accomplish this, expect the ultimate responsibility to be with the end user. One possibility: ISPs may implement a system of “metered broadband,” giving consumers the bill when their devices use outsized amounts of bandwidth, as happens when they are part of a botnet attack. Alternatively, ISPs might warn customers when their devices are part of attacks – or even if their devices are unsecure and prone to risk – followed by blocking traffic to those devices if action isn’t taken.

I believe placing the responsibility for IoT device security on end users would spur a rapid shift in consumer demand and purchasing behaviors, especially when ISPs begin rendering at-risk devices non-functional. Manufacturers will then have the incentive they need to include proper device security in their IoT products. And then, perhaps, the Internet will have one less danger to worry about.

Jeff Finn is CEO at zvelo, a provider of content and device categorization, as well as malicious botnet detection services.




Edited by Ken Briodagh
Get stories like this delivered straight to your inbox. [Free eNews Subscription]
SHARE THIS ARTICLE
Related Articles

Your Secret Weapon for Enhanced Liability Defense

By: Contributing Writer    6/23/2026

Running a business has its benefits. It can free you from a traditional 9-5 structure. However, it also introduces new layers of risk-especially in a …

Read More

The Digital Supply Chain: Resilience, Visibility, and the End of Flying Blind

By: Carl Ford    5/26/2026

Digital supply chain transformation is helping enterprises replace fragile, efficiency-only models with resilient, real-time operations powered by end…

Read More

The CIO Reimagined: From IT Keeper to Digital Business Leader

By: Carl Ford    5/26/2026

The modern CIO is evolving from an IT operations leader into a strategic digital business executive, responsible for driving AI governance, cloud stra…

Read More

Industrial IoT and the Rise of Smart Level Monitoring

By: Contributing Writer    5/18/2026

Industrial operations are becoming increasingly data-driven. From manufacturing plants and oil terminals to water treatment facilities and agricultura…

Read More

How Does Anthropic's Mythos Foretell the Post Quantum Nightmare?

By: Carl Ford    5/14/2026

AI security tools like Anthropic's Mythos are exposing hundreds of exploitable flaws in legacy software stacks, underscoring the urgent need for bette…

Read More