The Internet of Things will host devastating, unstoppable botnets

0
26

Bruce Schneier takes to the pages of Technology Review to remind us all that while botnets have been around for a long time, the Internet of Things is supercharging them, thanks to insecurity by design.

Botnets are useful for denial of service attacks, but they’re also an indispensable part of the spam ecosystem, clickfraud, extortion, and other bad news.

Cheap IoT gadgets are manufactured by absentee proprietors and large, respected companies who ignore urgent warnings about their defects (or punish people who complain by remote-bricking their gadgets), leading to nightmarish breaches.

Worse, IoT manufacturers use antiquated DRM laws to threaten security researchers who reveal the defects in their products with brutal lawsuits and even jail-time (and this will be a risk for any device controlled by a browser).

Once you know a botnet exists, you can attack its command-and-control system. When botnets were rare, this tactic was effective. As they get more common, this piecemeal defense will become less so. You can also secure yourself against the effects of botnets. For example, several companies sell defenses against denial-of-service attacks. Their effectiveness varies, depending on the severity of the attack and the type of service.

But overall, the trends favor the attacker. Expect more attacks like the one against Dyn in the coming year.

Play Video

Play

Loaded: 0%

Progress: 0%

Remaining Time -0:00

This is a modal window.

Foreground — White Black Red Green Blue Yellow Magenta Cyan — Opaque Semi-Opaque

Background — White Black Red Green Blue Yellow Magenta Cyan — Opaque Semi-Transparent Transparent

Window — White Black Red Green Blue Yellow Magenta Cyan — Opaque Semi-Transparent Transparent

Font Size 50% 75% 100% 125% 150% 175% 200% 300% 400%

Text Edge Style None Raised Depressed Uniform Dropshadow

Font Family Default Monospace Serif Proportional Serif Monospace Sans-Serif Proportional Sans-Serif Casual Script Small Caps

Defaults Done