How to Keep Your Devices From Joining a Zombie Botnet Army
Your DVR probably wasn't involved in Friday's cyberattack, but it could be next time. Here's what you need to know.
Last Friday's massive cyberattack, which disrupted access to dozens of popular websites, probably wasn't carried out by internet-connected devices in your home, cyber safety experts say.
News reports initially blamed a vast array of poorly secured, web-enabled devices that had been hijacked by hackers. The botnet (for "robot network") army was being controlled from afar, without the devices' owners knowing about it.
The reports suggested that many of our DVRs, webcams, smart refrigerators, smart thermostats, and similar devices were involved in the attack on Dyn, a New Hampshire-based web-infrastructure company. It wasn't clear who launched the attack, or why.
Instead, it turns out the majority of unwitting accomplices were video recorders involved in surveillance systems, routers, and surveillance cameras, likely dispersed across multiple countries.
Still, the incident is a reminder of how vulnerable your home is to hackers. Fortunately, there are things you can do to protect your smart devices from being hijacked.
A Global Attack
Following the attack, Flashpoint, a security-intelligence firm, issued a statement saying that hackers had used malware known as Mirai to target “Internet of Things (IoT) devices like routers, digital video recorders (DVRs), and webcams/security cameras, enslaving vast numbers of these devices into a botnet.”
Consumers may have worried that their own home entertainment systems were participating in the attack. But that's probably not the case, according to Craig Young, principal security researcher with the Vulnerabilities and Exposures team at an IT and security company called Tripwire. He has been analyzing the risks posed by insecure IoT devices for several years.
In reality, Young says, the DVRs were mostly being used in surveillance systems for businesses and homes, and were not connected to the TVs in living rooms.
He points to reporting conducted by Brian Krebs, a leading investigative journalist covering security issues, whose own site was shut down by Mirai last month. Krebs found only one television DVR listed among devices possibly compromised by the malware, a Dreambox satellite receiver with a default username and password.
“I don’t think this is a very common or popular device, at least in the United States,” Young says.
A few makers of connected devices have weighed in, including Nest, the thermostat-and-webcam company owned by Google.
"To our knowledge, no Nest device has been involved in any of the recent attacks," the company said in a statement. "They are not impacted by the malware being used to hijack devices and redirect them to a different destination.”
So what devices are part of such botnets? Information on the Dyn attack is still unfolding. But analysis conducted by Imperva, a security firm, on a Mirai attack in August found that the compromised devices in that attack were also mostly surveillance cameras in dozens of countries.
Additional attacks were studied by a networking firm called Level 3 Communications. The company concluded that surveillance DVRs composed 80 percent of the Mirai botnet used in the attacks, and that only 29 percent of all compromised devices were located in the United States.
"I would be confident in saying that most popular IoT devices have not been exposed to the Mirai threat—thermostats, fridges, name-brand cameras, smart outlets, and lighting," Young says.
But more sophisticated attacks may be coming, especially since Mirai’s source code was published on hacker forums this fall.
“The scary thought is that Mirai can now be modified to use millions of additional devices," Young says. "If even a small quantity of the other vulnerable IoT devices become infected, another attack could probably go orders of magnitude greater.”
How to Protect Your Network
There's no easy way to know if any of the gadgets in your home have been affected by this attack, but the threats to connected devices are growing.
It's important to change the default password on as many IoT devices as possible, especially cameras. But the most important device to secure is the router that sits at the heart of your home WiFi network. This is the conduit from the devices in your home to the rest of the world.
There are a number of steps you can take to secure your router against malware, including Mirai. Here are some of the most important.
1. Go into your router’s settings and disable remote management, specifically remote management through Telnet. (This is a protocol used for letting one computer control another from a remote location, and it has been used in previous Mirai attacks.) This will combat attempts from computers outside your home to take control of devices in your network.
2. Next, disable Universal Plug-and-Play (UPnP), which many home routers have enabled by default. UPnP creates a hole in your router’s security that could allow malware to infiltrate any part of your local network. "There won’t be a lot of cases where disabling UPnP will break things,” Young says, stopping devices from connecting to the web and working properly.
3. Because Mirai scans for default settings, make sure you are not using your router’s default password.
4. If your router is more than a few years old, consider buying a new one—especially if you've been using it without a password, or with the default one. A new router may be faster as well as more secure.
