Last week witnessed a massive Distributed Denial of Service (DDoS) attack against Dyn.com, who provide DNS services to major websites. This had the effect of disrupting users of Twitter, Amazon, Tumblr, Reddit, Spotify and Netflix. The ‘botnet’ that performed this DDoS attack was made up of hacked IoT (Internet of Things) devices, in part Chinese-made digital video recorders and IP cameras. The devices had been compromised due to non-changeable credentials stored in the firmware.

The plain-English version of this is that, due to a lack of good security practice when building something as innocuous as an internet-connected camera, millions of these types of devices were surreptitiously conscripted into an army of ‘things’ that, when commanded at the same time, were able to essentially switch off one of the internet’s phone books. This prevented millions of people from being able to watch their favourite show on Netflix.

This has major repercussions for cyber security. The IoT will supposedly create a society with extremes of usability, but at the expense of upsetting the required balance of security. My fear is that whilst we experience the advent of IoT, we don’t actually know how to fully address the problem of being attacked by our own toasters!