There has been a lot of talk lately about the potential for the Internet of things—just this week Intel threw its hat into the ring. The Internet of things will connect all manner of devices, including household appliances, to the Internet.
One thing that few vendors have talked about though is security for the Internet of things. At the SecTor security conference in Toronto this week, Ross Barrett, senior manager for Security Engineering at Rapid7, said that from where he sits, security is an afterthought with the Internet of things.
That’s not a good thing.
In Barrett’s estimation, the logical conclusion to having a lack of security in the Internet of things is that there will be Internet of things botnets. Botnets are large groupings of compromised devices that are controlled by an attacker to attack targets.
“You’ve got all these devices that are connected, that are easy to hack and are on the network and they are hard to patch,” Barrett said. “They will be compromised and will become part of botnets.”
Even though many of the devices that are likely to be on the Internet of things will only have small bits of computational power or direct bandwidth, they will become part of larger botnet used for distributed attacks, he said.
For example, if you get an Internet-enabled refrigerator or toaster and don’t secure it properly with a firewall and don’t update the firmware for patches, it could become part of a botnet.
That’s right. At some point in the near future we could have a distributed denial-of-service (DDoS) attack powered by toasters and refrigerators. This might sound whimsical, but it’s no joke. Botnets today are made up of millions of infected PCs and can rain down 100 gigabits per second of traffic on a victim’s site, grinding it down to a halt.
While there are hundreds of millions of devices in use on the Internet today, the Internet of things will expand the connection to tens of billions of things. The potential for evildoers is massive, and it is exceedingly terrifying.
Quite literally, our “things” can be turned against us (and others).
Is this all just FUD (fear, uncertainly and doubt)? I don’t think so. I’ve seen how unprotected devices are picked up in botnets, and it’s dead easy. New types of firewalls and protection policies will need to be put in place, and the complexity of security management will expand with the Internet of things too.
The right thing to do is to be concerned about this issue now and to put in place procedures, policies and technologies on devices and on the network to mitigate the risk. Otherwise, the Toaster Botnet Apocalypse will be upon us before we can smell the burnt toast.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.