Some of the largest cyber attacks in recent memory have employed an army of connected home devices to achieve their goals. This co-opting of connected home devices owned by consumers around the world occurs without those consumers’ knowledge or consent. For example, in mid-September, several thousand devices—home routers, Internet-connected video cameras, and digital video recorders—were used to create a “botnet” that collectively pounded the security researcher Brian Krebs’ website with 620 gigabits of data per second. At the time, the attack was thought to be the largest in history. An even larger army was assembled a few days later for an attack on the French hosting provider OVH that peaked at over one terabit of traffic per second. These distributed denial-of-service attacks were successful because they exploited basic security vulnerabilities in connected home devices, such as default passwords used to access administrator settings.
This week, the Online Trust Alliance turned its attention from manufacturers to consumers by releasing a checklist of basic steps that consumers can take to improve the privacy and security “hygiene” of their connected home and wearable devices. Just as smoke detectors require periodic battery changes, the OTA warns that IoT devices also benefit from regular checkups.