Last year saw Mirai — a malware causing one of the worst denial of service cyberattacks that the world had experienced in the last few years. The infamous malware ended up infecting internet-connected devices in over 177 countries all around the world. This massive network of hacked devices led to a temporary shut down of popular websites like Netflix, Twitter and several others.
This particular incident created a massive uproar in the Internet of Things community with several debating how easy is it to hack the numerous internet-connected that a common man makes use of in his daily life.
Pumped up with the debates and discussions, Andrew McGill from The Atlantic set out to find some concrete answers. He decided to devise an experiment to find out how vulnerable his internet-connected devices are to the hackers. The experiment involved him building a virtual Internet-connected toaster, and then putting it online and waiting to see how much time does it take for the hackers to attempt to breach it. According to an interview given by McGill to North Carolina Public Radio (NPR), the hackers found him much faster than he had expected.
McGill added that based on the talks he had with some of experts before experiment, he was expecting the breach to take place within a week of putting it online or maybe never, but certainly not less than in a day. Speaking to NPR’s Ari Shapiro, McGill said, “But it came a lot sooner. It was 41 minutes. [The second attempt was] within 10 or 15 minutes [and the third was] another 10 or 15.”
According to McGill, it is a common perception that this kind of thing (cyberattack) would never happen to us, and at the time he devised the experiment he thought the same. He said, he thought, “there’s millions, and actually billions, of IP addresses, each one with a computer behind it. Why would a hacker find me?” But, unfortunately, he was wrong and the hackers found him much, much earlier than he predicted.
Hackers are known to randomly scan ports, which are essentially ways into computers, across the entire Internet. In fact, technology has become advanced to a degree that anyone can reasonably expect to scan the entire World Wide Web in just a few hours.
During his interview with NPR, McGill also threw light on why certain devices are more vulnerable to attacks than others. He explained that if one is plugging in their Internet toaster into their home Wi-Fi or into their home router, they already have a layer of security in the form of their router. The device ensures that all the incoming connections don’t get through to your devices and weeds out the one that would be malicious.
But, the device that McGill built for the experiment was a little different. It was similar to the simpler devices that were attacked during the infamous Mirai malware attack. He explained that such devices are more vulnerable than others as they don’t carry that layer of protection between them and the modem, and connect directly to the Internet. So, while an average consumer does have that layer of protection, but this protection can be breached, too.
During the interview, McGill also revealed that the location of hacking attempts can be identified by logging in the IP addresses, and geo-locating those to see where they’re coming from. But, he really doesn’t trust the process since it is very easy to spoof an IP address or have a proxy server to make it look like they’re coming from somewhere else.
According to McGill, the average consumer is largely safe as most of the modern devices in the markets have basic security in place that screen out the most obvious attacks. In addition to this, they are secure till the time they’re plugging in their devices to their own router or Wi-Fi. It’s only the people who have an old router at work who need to panic as they might have an easily guessed password that someone can easily gain control of.
In case you’re wondering if your device has been compromised, you can run it through The Internet of Things Scanner, which is a service that checks if any of your Internet of Things devices are on Shodan, a popular search engine that lets anyone and everyone find IoT devices like printers, thermostats, and cameras that are publicly accessible on the net, thus making them vulnerable to hackers.