Analysis

Bringing justice to the wild, wild IoT

3rd May 2017
Joe Bush
0

The phrase vigilante justice immediately conjures up images of classic westerns, where screen legends such as Clint Eastwood and John Wayne rode across the plains to make sure some ne’er-do-well bandits or cattle rustlers got their comeuppance and brought peace to the wild, wild west.

Stories from this iconic period in US history are legendary and are not purely an invention of the silver screen. Outlaws roamed towns such as Dodge City and Tombstone, overwhelming the authorities and thriving wherever law enforcement was lax. Whenever things got too bad, citizens would sometimes band together and try to take matters into their own hands, dishing out retribution themselves. In many ways this environment is mirrored in the modern day Internet of Things (IoT), as Alan Grau, Icon Labs, explains.

Recently, due to a lax environment for IoT device cyber security, a hacker, self-proclaimed as ‘The Janitor’, launched their own vigilante style cyber attack. This targeted devices that failed to meet basic cyber security requirements, such as not requiring end users to change default passwords. The attack modified critical code and/or data stored on these devices to ‘brick’ the devices, thereby rendering them unusable.

The Janitor, in a manifesto released accompanying the cyber attack, said they liked to think of themselves as ‘a doctor’ and described the attack as a sort of ‘cyber chemotherapy’. Just as chemotherapy is an extreme action taken to rid the body of harmful cells, the cyber attack would rid the internet of IoT devices that the hacker felt contributed to the internet becoming ‘seriously ill’.

Vigilante justice and the IoT

The recent Mirai attack, in which thousands of insecure IoT devices were used to create a botnet that launched cyber attacks, was cited as justification. The hacker’s rationale was that these unprotected devices leave us all vulnerable to cyber attacks that could inflict serious damage on us as a society. As you may recall, last year’s Mirai DDoS attack shut down the websites of major companies, bringing e-commerce to a halt in some locations. The hacker wants to prevent these types of attacks from happening again and their actions, while clearly illegal, highlight an important issue. Despite the growing threat of attack, companies are not adequately investing in security. 

Until companies appreciate the risk involved in distributing unsecured devices, cyber attacks will continue to occur. Regardless of the motivation behind the attack, ultimately, it is those OEMs that produce products lacking security that are mostly to blame. Just as societies without strong law enforcement result in higher crime rates and vigilante justice, lax security results in increased cyber crime.

Product Spotlight

Upcoming Events

View all events
Newsletter
Latest global electronics news
© Copyright 2024 Electronic Specifier