On the 5th Day of Christmas: 2018 Prediction
The Rise and Rise of the IoT, (and the ever increasing attack surface it creates!)
Have you ever sat down and counted all the devices in your house that have the capability to connect to the Internet? If you really go through the exercise carefully, the result can be pretty astounding. Your car? Your bathroom scales? Your watch? Games Console? Hairbrush!! (We’re not making this stuff up!). It seems that in 2017, if you can make it, you can ‘Smart-ify’ it. There are some IoT devices that just make you think why? The irony is, if a device is called the ‘SmartBlah-blah’, it’s likely to be far from ‘smart’, is probably not a good idea and is probably not part of the Internet of Things. No-one ever called Uber ‘Smart-Taxis’, or Deliveroo, ‘Smart-Takeaways’.
Many analysts think by 2020 there will be upwards of 50 Internet-connected devices per household compared to the current average of 10. But whilst we may be rushing out this Christmas to bag the latest ‘Smart Belt’, (again – we’re not making this up!), the ‘real’ IoT has nothing to do with clamping a microcomputer and a WiFi chip to everyday household goods. The real revolution is in big business and manufacturing across almost any sector you can think of; transportation, agriculture, education, retail, healthcare, sports and entertainment to name a few. For example, 25 out of the 40 vast vehicle assembly plants of the Ford Motor Company now use IoT technology to speed up communications and drive efficiencies.
However, many of you will remember the ‘Mirai‘ botnet from October last year. The malicious code continuously trawled the Internet for IoT devices that it could take over by simply trying to login into them using factory default or hardcoded user names and passwords. The code would then inject malware into the device which then enslaved the compromised device into a vast ‘Zombie BotNet’ of similarly affected devices.
In October 2016, this vast army of approx 300,000 devices were all instructed to flood a single DNS provider called ‘Dyn’ with so much traffic (up to 1.1Tbps) that their servers couldn’t then service legitimate DNS queries for their customers. The result was companies like Twitter, Netflix, Paypal and Reddit were unavailable for many customers for several hours. Today, the culprit behind the code pleaded guilty in an Alaskan court.
The obvious concern here is that there is almost definitely a vulnerability or two waiting to be discovered in a chipset, in firmware or in the software of a widely used industrial IoT device. Our morbid prediction #3 is that the Zombie BotNet apocalypse will visit a major household name with quite disastrous consequences in 2018…
