The Internet Is Growing Faster Than the Ability to Defend It
  Larry Greenemeier Scientific American (October 26, 2016)
  With this year's approaching holiday gift season the rapidly 
growing "Internet of Things" or IoT-which was exploited to help 
shut down parts of the Web this past Friday-is about to get a lot 
bigger, and fast.  Christmas and Hanukkah wish lists are sure to 
be filled with smartwatches, fitness trackers, home-monitoring 
cameras and other wi-fi-connected gadgets that connect to the 
internet to upload photos, videos and workout details to the 
cloud.  Unfortunately these devices are also vulnerable to 
viruses and other malicious software (malware) that can be used 
to turn them into virtual weapons without their owners' consent 
or knowledge.
  Last week's distributed denial of service (DDoS) attacks-in 
which tens of millions of hacked devices were exploited to jam 
and take down internet computer servers-is an ominous sign for 
the Internet of Things.  A DDoS is a cyber attack in which large 
numbers of devices are programmed to request access to the same 
Web site at the same time, creating data traffic bottlenecks that 
cut off access to the site.  In this case the still-unknown 
attackers used malware known as "Mirai" to hack into devices 
whose passwords they could guess, because the owners either could 
not or did not change the devices' default passwords.
  The IoT is a vast and growing virtual universe that includes 
automobiles, medical devices, industrial systems and a growing 
number of consumer electronics devices.  These include video game 
consoles, smart speakers such as the Amazon Echo and connected 
thermostats like the Nest, not to mention the smart home hubs and 
network routers that connect those devices to the internet and 
one another.  Technology items have accounted for more than 73 
percent of holiday gift spending in the U.S.  each year for the 
past 15 years, according to the Consumer Technology Association.  
This year the CTA expects about 170 million people to buy 
presents that contribute to the IoT, and research and consulting 
firm Gartner predicts these networks will grow to encompass 50 
billion devices worldwide by 2020.  With Black Friday less than 
one month away it is unlikely makers of these devices will be 
able to patch the security flaws that opened the door to last 
week's attack.
  Before the IoT attack that temporarily paralyzed the internet 
across much of the Northeast and other broad patches of the U.S.  
last week, there had been hints that such a large assault was 
imminent.  In September a network, or "botnet," of Mirai-infected 
IoT devices launched a DDoS that took down the 
KrebsOnSecurity.com Web site run by investigative cybersecurity 
journalist Brian Krebs.  A few weeks later someone published the 
source code for Mirai openly on the Internet for anyone to use.  
Within days Mirai was at the heart of last week's attacks against 
U.S.  Dynamic Network Services, or Dyn, a domain name system 
(DNS) service provider.  Dyn's computer servers act like an 
internet switchboard by translating a Web site address into its 
corresponding internet protocol (IP) address.  A Web browser 
needs that IP address to find and connect to the server hosting 
that site's content.
  Friday's attacks kept the Sony PlayStation Network, Twitter, 
GitHub and Spotify's Web teams busy most of the day but had 
little impact on the owners of the devices hijacked to launch the 
attacks.  Most of the people whose cameras and other digital 
devices were involved will never know, said Matthew Cook, a 
co-founder of Panopticon Laboratories, a company that specializes 
in developing cybersecurity for online games.  Cook was speaking 
on a panel at a cybersecurity conference in New York City on 
Monday.
  But consumers will likely start paying more attention when they 
realize that someone could spy on them by hacking into their 
home's Web cameras, said another conference speaker, Andrew Lee, 
CEO of security software maker ESET North America.  An attacker 
could use a Web camera to learn occupants' daily routines-and 
thus know when no one is home-or even to record passwords as they 
are typed them into computers or mobile devices, Lee added.
  The IoT is expanding faster than device makers' interest in 
cybersecurity.  In a report released Monday by the National Cyber 
Security Alliance and ESET, only half of the 15,527 consumers 
surveyed said that concerns about the cybersecurity of an IoT 
device have discouraged them from buying one.  Slightly more than 
half of those surveyed said they own up to three devices-in 
addition to their computers and smartphones-that connect to their 
home routers, with another 22 percent having between four and 10 
additional connected devices.  Yet 43 percent of respondents 
reported either not having changed their default router passwords 
or not being sure if they had.  Also, some devices' passwords are 
difficult to change and others have permanent passwords coded in.
  With little time for makers of connected devices to fix 
security problems before the holidays, numerous cybersecurity 
researchers recommend consumers at the very least make sure their 
home internet routers are protected by a secure password.


    VICUG-L is the Visually Impaired Computer User Group List.
Archived on the World Wide Web at
    http://listserv.icors.org/archives/vicug-l.html
    Signoff: [log in to unmask]
    Subscribe: [log in to unmask]