IoT: A Cause for Celebration and Precaution

Are you familiar with the Carna Botnet? If not, you really should be. Back in 2012, an anonymous hacker set out to “measure” the Internet in a survey entitled The Internet Census of 2012. Using the Nmap Scripting Engine, the hacker scanned every publicly addressable IP address with the goal of finding just what was out there. More importantly, the census set out to learn how many of those devices were unprotected. Sadly, it found a lot of them.

While quite a few of the discovered devices were consumer-grade, many were IPsec routers, BGP routers, x86 equipment with crypto accelerator cards, industrial control systems, physical door security systems, big Cisco/Juniper equipment, and so on. Finding these enterprise devices was not surprising, but far too many were still configured to accept default login credentials such as root/root and admin/admin. Ultimately, approximately 420,000 unprotected devices were discovered, and the hacker was able to load scanning code onto them that allowed him or her to essentially probe the entire Internet.

In my latest article for No Jitter, I discuss how security and privacy need to be factored into all the Internet of Things (IoT) devices we are deploying.
