What’s on your holiday shopping list this year? Fitness trackers? Smart home hubs? Maybe even a smart coffee mug? No matter how enchanting or convenient a smart device might seem, it never pays to be uninformed about the security risk inherent in the “Internet of Things” (IoT).
The problem is, it’s easy to forget such devices even have a security risk, and often users run home routers, cameras and the like using default passwords and out-of-date open-source software. Sometimes the devices aren’t even powerful enough to have their code updated, making them the perfect target for hackers. That was the case with Linux.Darlloz, a worm first discovered in November 2013. Darlloz targeted Intel x86 systems by randomly generating IP addresses and sending HTTP POST requests. Eventually, Darlloz worked its way through the IoT, and by spring 2014 had moved to PCs in an attempt to mine cryptocurrency by installing “cpuminer” to scour machines for bitcoin spinoffs mincoins and dogecoins. By March 2014, nearly 32,000 devices across the globe were estimated to be infected with Darlloz, with a third of the cases in IoT devices.
Despite the risks, it’s possible to stay out of trouble with the IoT by following the same age-old security advice: Change default usernames and passwords. Use the latest version of software. Install security patches as soon as possible upon release. For added protection, block connections on ports 23 and 80 if possible.
Photo: metamorworks / Shutterstock.
