On April 1st, I would have shrugged off this story as fake news. Maybe even today. I was already suspicious after a week when accusations of the crookedness of media stories rained down on me, not least from the new POTUS.
The crooked lampposts
I came across a fascinating story about how hackers turned lampposts into smart points of attack. The (unnamed) university found itself obeying its own computer system in accepting requests to re-fill its vending machines due to unprecedented demand for seafood products.
This is yet another scare story about the malign consequences of The Internet of Things.
Poorly secured internet of things (IoT) devices have become gold mines for hackers looking to launch DDoS attacks to take websites and services offline. But this latest case, detailed in Verizon’s Data Breach Digest 2017, is the rare example of gadgets attacking their own network.
The devices were making hundreds of Domain Name Service (DNS) lookups every 15 minutes, causing the university’s network connectivity to become unbearably slow or even inaccessible.
The firewall analysis identified over 5,000 discrete systems making hundreds of DNS lookups every 15 minutes. Of these, nearly all systems were found to be living on the segment of the network dedicated to the IoT infrastructure.
With a massive campus to monitor and manage, everything from light bulbs to vending machines had been connected to the network for ease of management and improved efficiencies. While these IoT systems were supposed to be isolated from the rest of the network, it was clear that they were all configured to use DNS servers in a different subnet.
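The firewall analysis described above amounts to counting DNS lookups per source in 15-minute windows and checking which network segment the noisy sources sit in. The sketch below is an added example, not code from the report or the university; the log format, the threshold of 100, the 10.20.0.0/16 IoT subnet and all addresses are constructed assumptions.

```python
import ipaddress
from collections import Counter
from datetime import datetime, timedelta

WINDOW_MIN = 15                                      # interval cited in the report
THRESHOLD = 100                                      # assumed cut-off for "hundreds"
IOT_SEGMENT = ipaddress.ip_network("10.20.0.0/16")   # assumed IoT subnet

def noisy_clients(lines, threshold=THRESHOLD):
    """Return {source IP: peak lookups in one fixed 15-minute window} for
    every client that reaches the threshold in at least one window."""
    counts = Counter()
    for line in lines:
        try:
            ts_text, src_text, _qname = line.split()
            ts = datetime.fromisoformat(ts_text)
            src = ipaddress.ip_address(src_text)
        except ValueError:
            continue                                 # skip malformed lines
        # Floor the timestamp to the start of its 15-minute window.
        window = ts.replace(minute=ts.minute - ts.minute % WINDOW_MIN,
                            second=0, microsecond=0)
        counts[(str(src), window)] += 1
    peaks = {}
    for (src, _window), n in counts.items():
        if n >= threshold:
            peaks[src] = max(n, peaks.get(src, 0))
    return peaks

def share_in_segment(clients, segment=IOT_SEGMENT):
    """Fraction of the flagged clients whose address lies in the segment."""
    inside = [c for c in clients if ipaddress.ip_address(c) in segment]
    return len(inside) / len(clients) if clients else 0.0

def sample_log():
    """Constructed query log: 'ISO-timestamp source-IP queried-name'."""
    start, lines = datetime(2017, 2, 1, 12, 0), []
    for src, n, step in [("10.20.1.5", 300, 3),      # 300 lookups in one window
                         ("10.20.1.6", 150, 5),      # 150 lookups in one window
                         ("10.20.1.7", 120, 15),     # 60 + 60 over two windows
                         ("192.168.1.10", 20, 40),   # ordinary workstation
                         ("192.168.1.11", 110, 8)]:  # noisy, outside IoT segment
        for i in range(n):
            t = start + timedelta(seconds=i * step)
            lines.append(f"{t.isoformat()} {src} host{i}.example.test")
    lines.append("not a log line")                   # malformed entry, ignored
    return lines

if __name__ == "__main__":
    flagged = noisy_clients(sample_log())
    for src, peak in sorted(flagged.items()):
        print(f"{src}: {peak} lookups in one window")
    print(f"{share_in_segment(flagged):.0%} of flagged clients are in {IOT_SEGMENT}")
```

Fixed windows undercount a burst that straddles a window boundary, so a production rule would use a sliding window or a lower threshold.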
Luckily for the guys at the university, there was no need to replace “every soda machine and lamp post”.
To solve the massive hack, the university intercepted a clear-text malware password for a compromised IoT device and then used “that information to perform a password change before the next malware update”.
Overall, it doesn’t look like this problem is going away anytime soon. There are more than 6 billion IoT devices currently running, according to Gartner Research. That number could reach more than 20 billion by 2020.
To Susan Moger at Alliance Manchester Business School for encouraging my interest in The Internet of Things and alerting me to the BBC article.
To go more deeply
A top-level conference on the Internet of Things is to be held in London this April. Don’t miss a chance to protect your organisation from attacks from very smart lampposts.