The Dark Side of the Internet of Things

From cameras to industrial controls to GPS systems, the increased connectivity of devices leads to increased risks.
Recent security research and a high-tech scam point up a disturbing number of vulnerabilities in devices and technologies that people have come to rely on. As more devices get linked together in an Internet of Things, the dark side of all the connectivity must be understood.

Case in point is the security implications that came from one researcher whose original goal was to scan the entire IPv4 address space. To do so, the researcher (who has not disclosed his or her identity), created a small software package for scanning IP addresses that could be remotely installed on unsecured devices. “Playing around” with the Nmap Scripting Engine (NSE) and using several basic username password combos, including “root:root” and “admin:admin” the unidentified researcher was able to log in to 420,000 devices and install the scanning code–in effect creating a botnet that the researcher could use to ping the Internet.

Many of the devices were consumer-grade routers and set-top boxes, according to a story in The Register, but the researcher also netted “Cisco and Juniper hardware, x86 equipment with crypto accelerator cards, industrial control systems, and physical door security systems,” according to the story.

Read more »