Story image

Internet of Things or Internet of Trouble?

03 Nov 16

The recent cyber-attack in the United States via the Internet of Things has re-focused attention on the potential threat for New Zealand. 

The source of the angst was default usernames and passwords, and a piece of malware called Mirai that scans the internet for devices still with factory default or static usernames and passwords.  

Mirai took control of those devices, turning them into bots in a united force to overload networks and servers with multiple requests resulting in slow speeds or even shutdowns.

The impact was significant with the distributed denial of service (DDoS) attack against Dyn, a managed DNS provider, crippling sites including Twitter, Netflix, Spotify, Reddit and many others.

According to local cloud IT services company, Dynamo6, the event has highlighted the potential for the same to happen in New Zealand.

“While there are no NZ statistics on how many people don’t change default passwords and usernames, the figures are likely to be similar to overseas, which opens us up to attack. If this happens, there’s potential for damage to our reputation as an easy and open place for business,” says Igor Matich, managing director, Dynamo6.

“But the problem doesn’t only lie with consumers but also with manufacturers and vendors of IoT devices.  Better practices need to be adopted to make sure devices are cloud managed and use cloud identities for configuration,” he says.   

An example is the Google OnHub router that uses a Google account to manage the device along with a dedicated mobile app.  In this way a trusted account is used and also linked to other key identities rather than some other user account setup and stored on the device itself.

“Anyone can produce an IoT device and this is worrying when there aren’t proper standards and practices,” Matich says. 

To the unsuspecting consumer these IoT devices may seem like a great idea for a smart home or office but without the necessary infrastructure they can leave the door open to major security issues, similar to what happened across the US,” he explains.

Matich says IoT devices should never remain on the Internet without ongoing security updates and management. This should happen as a matter of course however, with the eagerness of companies to capitalise on the IoT trend the importance of this can be forgotten.

“The best piece of advice is to only buy from a trusted vendor and always change the default username and password, and update them regularly.  There are many corners being cut in the rush but this risks a major security breach that would harm New Zealand’s international reputation,” he explains.

Wine firm uses AR to tell its story right on the bottle
A Central Otago wine company is using augmented reality (AR) and a ‘digital first’ strategy to change the way it builds its brand and engages with customers.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
Protecting organisations against internal fraud
Most companies tend to take a basic approach that focuses on numbers and compliance, without much room for grey areas or negotiation.
Telesmart to deliver Cloud Calling for Microsoft Teams
The integration will allow Telesmart’s Cloud Calling for Microsoft Teams to natively enable external voice connectivity from within Teams collaborative workflow environment.
Jade Software & Ambit take chatbots to next level of AI
“Conversation Agents present a huge opportunity to increase customer and employee engagement in a cost-effective manner."
52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.
GirlBoss wins 2018 YES Emerging Alumni of the Year Award
The people have spoken – GirlBoss CEO and founder Alexia Hilbertidou has been crowned this year’s Young Enterprise Scheme (YES) Emerging Alumni of the Year.
SingleSource scores R&D grant to explore digital identity over blockchain
Callaghan Innovation has awarded a $318,000 R&D grant to Auckland-based firm SingleSource, a company that applies risk scoring to digital identity.