Twitter, Spotify, Netflix and dozens of other major websites were taken down by botnets built from compromised Internet of Things devices.
Homeland Security said it had held a conference call with 18 major communication service providers shortly after the attack began and was working to develop a new set of “strategic principles” for securing internet-connected devices.
DHS said its National Cybersecurity and Communications Integration Centre was working with companies, law enforcement and researchers to cope with attacks made possible by the rapidly expanding number of smart gadgets that make up the Internet of Things.
Already two manufacturers whose devices had been hijacked for the attack pledged Monday to try to fix them. Chinese firm Hangzhou Xiongmai Technology, which makes components for surveillance cameras, said it would recall some products from the United States. Dahua Technology, acknowledged that some of its older cameras and video recorders were vulnerable to attacks when users had not changed the default passwords. Like Xiongmai, it said it would offer firmware updates on its website to fix the problem and would give discounts to customers who wanted to exchange their gear.
But the fear is that the majority of IoT devices are never going to be fixed because it would cost manufactures too much.
Basically they have to be issued with better passwords, mechanisms for updates and some onboard security. This is somewhat a lot to ask of a lightbulb.
What is possible is that the manufacturers could agree on some unified software and insist on better standards.