Story image

Internet of Things or Internet of Trouble?

03 Nov 2016

The recent cyber-attack in the United States via the Internet of Things has re-focused attention on the potential threat for New Zealand. 

The source of the angst was default usernames and passwords, and a piece of malware called Mirai that scans the internet for devices still with factory default or static usernames and passwords.  

Mirai took control of those devices, turning them into bots in a united force to overload networks and servers with multiple requests resulting in slow speeds or even shutdowns.

The impact was significant with the distributed denial of service (DDoS) attack against Dyn, a managed DNS provider, crippling sites including Twitter, Netflix, Spotify, Reddit and many others.

According to local cloud IT services company, Dynamo6, the event has highlighted the potential for the same to happen in New Zealand.

“While there are no NZ statistics on how many people don’t change default passwords and usernames, the figures are likely to be similar to overseas, which opens us up to attack. If this happens, there’s potential for damage to our reputation as an easy and open place for business,” says Igor Matich, managing director, Dynamo6.

“But the problem doesn’t only lie with consumers but also with manufacturers and vendors of IoT devices.  Better practices need to be adopted to make sure devices are cloud managed and use cloud identities for configuration,” he says.   

An example is the Google OnHub router that uses a Google account to manage the device along with a dedicated mobile app.  In this way a trusted account is used and also linked to other key identities rather than some other user account setup and stored on the device itself.

“Anyone can produce an IoT device and this is worrying when there aren’t proper standards and practices,” Matich says. 

To the unsuspecting consumer these IoT devices may seem like a great idea for a smart home or office but without the necessary infrastructure they can leave the door open to major security issues, similar to what happened across the US,” he explains.

Matich says IoT devices should never remain on the Internet without ongoing security updates and management. This should happen as a matter of course however, with the eagerness of companies to capitalise on the IoT trend the importance of this can be forgotten.

“The best piece of advice is to only buy from a trusted vendor and always change the default username and password, and update them regularly.  There are many corners being cut in the rush but this risks a major security breach that would harm New Zealand’s international reputation,” he explains.

SAS partners with NVIDIA on deep learning and computer vision
“By partnering with NVIDIA, we combine our strengths to augment human intelligence and realise the true potential of AI.” 
Why businesses must embrace automation to ensure success
“For many younger workers, the traditional view of a steady job at one company, perhaps for life, simply doesn’t reflect reality."
TYAN unveils new inference-optimised GPU platforms with NVIDIA T4 accelerators
“TYAN servers with NVIDIA T4 GPUs are designed to excel at all accelerated workloads, including machine learning, deep learning, and virtual desktops.”
Worldwide spending on security to reach $103.1bil in 2019 - IDC
Managed security services will be the largest technology category in 2019.
Microsoft appoints new commercial and partner business director
Bowden already has almost a decade of Microsoft relationship management experience under her belt, having joined the business in 2010.
How Cognata and NVIDIA enable autonomous vehicle simulation
“Cognata and NVIDIA are creating a robust solution that will efficiently and safely accelerate autonomous vehicles’ market entry."
Kinetica launches a new active analytics platform
"With the platform now powered by NVIDIA DGX-2, customers can build smart analytical applications that combine historical data analytics and ML-powered analytics."
Avi Networks: Using visibility to build trust
Visibility, also referred to as observability, is a core tenet of modern application architectures for basic operation, not just for security.