Devices/Equipment | Networking | News | Security
October 24, 2016

Home Automation and Cryptography Expert on DDoS Attack: Don’t Blame IoT

Blaming last week’s Internet outage on the rise of connected devices is just a convenient meme, says encryption expert Will Price, founder of the home automation provider Simple Control (Roomie Remote).
Julie Jacobson  

The widespread Internet outage last week has been traced to the infection of some 500,000 IP cameras and DVRs made by a single company in China – Hangzhou Xiongmai Technology – that shipped devices with weak default passwords.

But don’t indict the entire category of smart-home devices and the Internet of Things, says Will Price, founder of the home automation developer Simple Control (Roomie Remote) and an expert cryptographer who co-founded PGP, the company behind the most widely used email encryption software in the world (ultimately acquired by Symantec).

“A popular meme is that this [DDoS attack] is related to the ‘Internet of Things,’ but that's just a marketing buzzword,” Price tells CE Pro. “Very specific network camera DVRs and camera firmware were involved in this particular attack. The budding Internet of Things has no more to do with this than the advent of the Internet caused Windows XP security problems. It is the vendors releasing products not properly secured that are at fault.”

In this case, a botnet scoured the Internet for easy targets, trying 68 combinations of user names and passwords, such as “admin” and “12345,” depositing “Mirai” malware on vulnerable devices and then commanding the devices to flood the Web.

The hackers have released the source code used in the attack, so copycat crimes are inevitable.

Fortunately, the only damage from the attack seems to have been slow-running sites like Twitter, the ironic takedown of KrebsOnSecurity, and home automation systems like Wink that couldn’t connect.

“This is an infrastructure attack,” Price notes. “Regular users are not threatened by this.”

Even so, the disruption was a stark reminder to consumers that factory-set passwords need to be changed for all connected devices and a wake-up call to manufacturers to quit enabling hackable credentials.

How to Find Default Passwords: Online User Manuals

Security expert Brian Krebs of the eponymous site performed a quick online review of devices with pre-set usernames and passwords, simply by looking for the information in the manufacturers’ installation guides.

His list of potentially vulnerable devices includes a Samsung Camera (admin/1111111), Ubiquiti AirOS Router (ubnt/ubnt), Axis IP cameras (root/pass), Panasonic printer (root/00000000) and numerous cameras and DVRs from Dahua, HiSilicon and others.

Price suggests, “Information on patching or even disconnecting vulnerable devices by specific models from the Internet needs to be more available – the equivalent of the airlines now announcing on every flight that Galaxy Note 7 devices are not allowed.”

Manufacturers should be publicly flogged for shipping smart devices with dumb defaults – or something like that.

“Vendors that continue to release products unpatched and vulnerable to these kinds of issues must be named and openly identified (usually end users have no idea this is even happening on their network) and for repeat offenders, shamed,” Price says.

Thwarting DDoS and other network attacks should be a national priority, he adds.

“DDoS is the primary attack mechanism in use today and defending against it requires nation-level oversight over routing and automatic DDoS detection and defense,” according to Price. “This infrastructure does not exist today so each of these events requires effectively a one-off solution.”

As it happens, the attack coincides with the U.S. government’s surrender of the Domain Name System (DNS) to an international body, ICANN. The target of the attack was Dyn, a major DNS provider.

“The U.S. is now in a much more precarious position than it was previously relative to DNS attacks,” Price says.

He warns that this most recent attack was just a practice run, like the test fire of a missile – “a warning that we need to get our infrastructure in place to defend in the future against significantly improved versions of this attack.”

In the meantime, change those usernames and passwords, people.

ABOUT THE AUTHOR

Julie Jacobson
Julie Jacobson is founding editor of CE Pro, the leading media brand for the home-technology channel. She has covered the smart-home industry since 1994, long before there was much of an Internet, let alone an Internet of things. Currently she studies, speaks, writes and rabble-rouses in the areas of home automation, security, networked A/V, wellness-related technology, biophilic design, and the business of home technology. Julie majored in Economics at the University of Michigan, spent a year abroad at Cambridge University, and earned an MBA from the University of Texas at Austin. She is a recipient of the annual CTA TechHome Leadership Award, and a CEDIA Fellows honoree. A washed-up Ultimate Frisbee player, Julie currently resides in San Antonio, Texas and sometimes St. Paul, Minn. Follow on Twitter: @juliejacobson
