The Internet of Things (IoT) is the name given to describe the relatively new technology that connects everyday objects and devices to the web to provide additional data or functionality. But in the race to create that next “it” product that no one can live without (smart fry pans anyone?), manufacturers and users are creating dangerous side effects known as botnets.
The term botnet simply means a group of internet-connected devices controlled by a central system. But the term is most often used in conjunction with a particular type of malicious hacking, especially Distributed Denial of Service Attacks (DDoS attacks). In this case, a hacker uses a large botnet group of internet-connected devices to flood a website or network resource with fake requests so that legitimate users cannot access it.
By using a botnet with hundreds or even thousands of devices, all with their own unique IP addresses, the hacker makes it almost impossible to stop the attack or distinguish legitimate users from fake ones.
Now, botnets are not new. Since as early as 2000, hackers have been using botnets by gaining access to unsecured devices (usually computers then) in order to create these DDoS attacks. But the Internet of Things has made the problem much worse.
The market has been flooded with inexpensive devices — webcams, baby monitors, thermostats, and yes, even yoga mats and fry pans — that connect to the Internet, each of which has its own IP address. But these devices have little or no built-in security, and even when they do, users often neglect to even take the basic step of setting a password for them.
That makes them easy targets for hackers wanting to create and use a botnet.
In October of 2016, a botnet comprised of an estimated 100,000 unsecured IoT devices took an integral Internet infrastructure provider, Dyn, partially offline. As a result, many high-profile and high-traffic websites, including Netflix and Twitter, disappeared from the Internet for a short time.