The UK-based consumer security company BullGuard has developed an Internet of Things Scanner that lets you check if your device is available for public access — As of now, nearly 200 million devices could be vulnerable.
If you remember the 1 Tbps DDoS attack on French-based OVH hosting company you may also remember that it was conducted through Mirai botnet by hacking 145,000 IoT devices. But how would you feel if someone told you there are millions of internet-connected devices vulnerable to hacking that can be used for cyber attacks?
Yes, according to BullGuard there could be more than 185 million Internet-connected devices that are unprotected and vulnerable to hacking attacks.
These figures were collected based on scan results through BullGuard’s Internet of Things Scanner that allows users to go for a unique scan and see if their internet-connected devices at home are public on Shodan. If the devices are on Shodan, that means the devices are available for public access.
Shodan is a search engine that lets the user find specific types of computers connected to the Internet using a variety of filters.
At the time of writing, there were about 100,000 users who scanned their IPs on BullGuard’s Internet of Things Scanner out of which 4.6% revealed vulnerabilities. It may seem a small figure but reality is that there are about four billion Internet-connected devices worldwide and 4.6% makes almost 185 million of them vulnerable.
Although it is unclear how many hacked devices were used in Dyn DDoS attack, the researchers were able to detect 10s of millions of hacked IP addresses utilized by hackers during the attack whilst the number of IoT devices will increase to 50 billion by 2020. More devices mean more vulnerabilities and more opportunities for hackers to conduct large-scale DDoS attacks that can shut down the Internet.
While commenting on Dyn’s attack CEO of BullGuard Mr. Paul Lipman said the attack was just a small proportion of vulnerable devices however with the increase of Internet-connected devices things can only get worse. People really need to secure their devices.
“Even though the Internet of Things is in its relative infancy, this attack shows how just a small proportion of vulnerable devices can cause real concern,” said Paul Lipman. “We’re fortunate that this incident was relatively benign, but it is a timely reminder that security cannot be an afterthought in this emerging market. We would urge people to be vigilant and take the necessary steps to ensure that basic security measures are in place,” Lipman concluded.
Remember, currently, hackers are using Bashlite or Lizkebab, Luabot and Mirai malware etc to turn IoT devices into DDoS botnet that uses your devices to carry attacks websites and servers. If you own an IoT device feel free to change its default credentials using a strong password.
Don’t forget to use this free BullGuard IoT Scanner to scan your network and see if your devices are available for public access. You can also visit BullGuard’s IoT Consumer Guide that will assist you on how to keep your IoT devices secure from hackers.