Over the weekend you might have noticed some issues on your favourite interwebs as there was a rather impressively sized DDOS attack going on. The attack was a mix of old and new techniques; they leveraged the uPNP protocol which has always been a favourite vector but the equipment hijacked were IoT appliances. The processing power available in toasters, DVRs and even webcams is now sufficient to be utilized and is generally a damned sight easier to control than even an old unpatched XP machine. This does not spell the end of the world which will likely be predicted on the cable news networks but does further illustrate the danger in companies producing inherently insecure IoT devices. If you are not sure what uPNP is, or are aware but do not currently need it, consider disabling it on your router or think about setting up something along the lines of ye olde three router solution.
"Brace yourselves. The rest of the media is going to be calling this an “IoT DDOS” and the hype will spin out of control. Hype aside, the facts on the ground make it look like an extremely large distributed denial-of-service attack (DDOS) was just carried out using mostly household appliances (145,607 of them!) rather than grandma’s old Win XP system running on Pentiums."
Here is some more Tech News from around the web:
- Sad reality: It's cheaper to get hacked than build strong IT defenses @ The Register
- ITRI cooperates with Nvidia to develop self-driving technology @ DigiTimes
- Surface Pro 3 branded battery borkage continues @ The Register
- OpenSSL swats a dozen bugs, one notable nasty @ The Register
- iOS 10 makes it easier to crack iPhone back-ups, says security firm @ The Register
- Double KO! Capcom's Street Fighter V installs hidden rootkit on PCs @ The Register
- Ig Nobel Prizes: GoatMan, Volkswagen, and the Personalities of Rocks @ Hack a Day