The Internet of Things worm Mirai, which published the source code, made a big news in less than a month. On October 21st, a large number of users in North America found that important websites such as Twitter, Netflix, Paypal, and GitHub were inaccessible, and the situation lasted for 6 hours. A large number of media descriptions said that "half of the American world is paralyzed."
The main reason for this incident is that DYN, a well-known DNS service provider that provides domain name resolution services for US Internet companies, has suffered DDoS attacks from tens of millions of IPs. The main source of attack is the Mirai botnet, which has controlled hundreds of thousands of IoT devices such as cameras, routers, and DVRs (DVRs) are still growing rapidly.
DDoS is the most popular network attack mode. The attacked network will be inaccessible. Enterprises such as e-commerce and social networks will suffer huge losses due to inaccessibility, and IoT devices will double the power of DDoS attacks. Not long ago, the Mirai botnet once launched a DDoS attack on 1Tb of attack traffic per second to French server hosting companies by controlling 145,000 cameras. The peak traffic broke the history.
"Traditional servers, PCs and other terminals already have mature DDoS capabilities, but IoT devices are basically zero in this area and are easily controlled." A security department in China told reporters: "And, Infected IoT devices are hard to find and difficult to prevent. Domestic websites are also likely to become targets."
The security crisis of the Internet of ThingsFrom a security perspective, most IoT devices are barely exposed.
The most obvious manifestation is the weak password problem. Many industry insiders said that "10345, 1234, password" and other simple passwords can control more than 10% of the devices. According to the analysis report released by Antiy Safety Research and Emergency Processing Center, some of the well-known companies including Cisico, Sumsung, Dreambox, UOB, and ZTE have a single default password.
Mirai has scanned the Internet efficiently with more than 60 sets of passwords. The source code has been controlled by 380,000 IoT devices since its release. Compared to DDoS attacks initiated by zombie hosts and servers, IoT devices are almost equivalent to cheap, broiler chickens with no threshold and no cost.
A security industry official told reporters: "In the past, botnets controlled tens of thousands of terminals at most, compared with this." According to the latest article released by 360, the number of IoT terminals infected with Mirai has exceeded 720,000. And maintain a high speed, stable expansion speed.
Most IoT devices are mainly used in private networks or non-networked areas at the beginning of design, and do not use the Internet as an application scenario. For example, the security camera is initially stored on the hard disk, and its product features mainly consider the features such as codec and definition. But as the number of cameras increases, more and more devices need remote control capabilities, and as a result, they begin to connect to the Internet. At this point, the lack of security protection began to be exposed on a large scale.
"PCs and server devices have been designed with security protection in mind. Even if they are controlled, they can be processed and cleared quickly after discovery. However, IoT devices do not have the ability to design traceability, auditing, etc., infected Internet of Things. Equipment, it is difficult to get rid of the botnet." The aforementioned security department told reporters that "'bricks' are also distributed around the world, the power of DDoS is rapidly amplified on the Internet of Things, and it is difficult to introduce an emergency mechanism to deal with This problem. This kind of attack problem may be more and more."
Internet of Things security budget is less than 1%For the entire Internet of Things, the outbreak of security issues has just begun.
According to Gartner, an internationally renowned analyst, the number of devices connected to the world reached 4.9 billion units in 2015, and is expected to grow by 30% in 2016 to 6.4 billion units. Among them, there are about 4.02 billion personal consumer electronic products, and the number of IoT devices in the industry is about 2.37 billion. By 2020, the number of types of equipment will reach 13.5 billion units and 6.3 billion units, respectively, totaling 19.8 billion units.
According to Gartner's analysis, “As the Internet of Things collects a large amount of high-value data such as personal health and factory production, companies must pay attention to security issues.†At present, the security of the Internet of Things has broken out in the DDoS field, but in the future, data leakage and leaks will inevitably occur. Security incidents, the losses they bring are far less comparable than DDoS attacks.
In 2015, the well-known security company Hikvision had a black swan incident, and its product loopholes broke out in security incidents, causing some devices to be controlled by overseas IP. The Jiangsu Provincial Public Security Bureau issued a document requesting the public security organs at all levels in the province to conduct a comprehensive inventory of Hikvision equipment and carry out security reinforcement.
In this US network incident, Krebs on Security, a foreign security analysis website, pointed out that the infected DVR and camera equipment mainly came from two Chinese companies, Hangzhou Xiongmai Information Technology Co., Ltd. and Zhejiang Dahua Technology Co., Ltd. Most camera companies offer camera modules, while the latter offer a range of products for video storage, front-end, display control and intelligent transportation.
“A lot of IoT companies have begun to try to find a security solution,†a person from a domestic chip company told reporters: “The camera is now a key area of ​​security issues, and some companies are beginning to try to increase the way security chips are used for hardware encryption.†Of course, there are also Some companies are more concerned about "how much will hardware encryption increase?"
In 2015, the security costs incurred to address IoT security issues were less than 1% of the industry's annual budget. Gartner predicts that this ratio will need to increase to 20% by 2020.
The aforementioned security sources pointed out: "Now, the security of the Internet of Things involves front-end devices, transmission links, back-end management platforms and data protocols, a wide variety of devices, and different communication protocols. It is difficult to solve the Internet of Things through a solution. Security issues. There are a lot of gaps in standards now, and the relevant departments are preparing for these things."
LED Underwater light,Full colour underwater luminaires,Waterproof lighting underwater lamp
Kindwin Technology (H.K.) Limited , https://www.ktlleds.com