News: 0184013998


How Millions of Digital Home Devices Are Secretly Powering Cyberattacks (yahoo.com)

(Saturday June 20, 2026 @09:34PM (EditorDavid) from the remote-access dept.)


The Wall Street Journal reports on internet-connected devices — and how every year millions of them "can [1]contain a secret digital backdoor that opens up access to your home internet, so that anyone... can surf the web as if they were you." (And this is especially true for "knockoffs that you buy online"...)

In a video report this week they tested two digital picture frames from Amazon and three streaming devices from Walmart "because we heard that they often ship with backdoor software used in cyberattacks. Security experts believe manufacturers are being paid to add this malware, but many people also get tricked into downloading the software onto their phones or computers... Within minutes of turning the devices on, there was a surge of internet traffic... Visits to gambling, porn, cryptocurrency and loads of other sketchy web sites started pouring in from users around the world." (And remote visitors also tried to access Outlook and Gmail accounts...)

Residential proxy companies even rent out access to "tens of millions of home networks around the world," according to the report. "But the problem is actually worse than that. Hackers figured out a way to seize control of these backdoors, and they started taking over these residential networks. Last month authorities arrested a 23-year-old Ottawa man, saying he'd taken control of more than a million devices to launch some of the largest cyberattacks anyone had ever seen."

After a couple of months the Journal's reporter collected logs of all the traffic, and sent them to an investigator at Comcast, who said both were conducting DDoS attacks. But estimates for the number of infected devices are as low as tens of millions or as high as 500 million-plus. "We've seen nation state attacks launched through these kind of endpoints, which means your device sitting in your house is part of a nation state attack against another nation state... We've seen ad fraud, we've seen ticket scalping, we've seen financial fraud."

But more importantly, "We have seen some of the largest computer attacks — meaning computers attacking other computers at human request — ever recorded in our digital history in the last several months." At cybersecurity conferences, some are warning "there are much larger ones on the horizon if we don't get a hold of this problem."

The company making the picture frame "couldn't be reached for comment," while Amazon said it's been out of stock since last year. Both Amazon and Walmart said they take action when they confirm malware on a third-party product.



[1] https://finance.yahoo.com/video/millions-digital-home-devices-secretly-153600516.html



IoT SSID (Score:5, Informative)

by aaarrrgggh ( 9205 )

Needs to be easier for end users to create IoT VLANs with default restrictions. I am getting to the point where I want to segment my IoT VLAN into different trust zones. Unfortunately there is some crap that has to sit in the "Guest" VLAN (which doesn't address the concern in TFS), but mostly I try to eliminate such products.

Re: IoT SSID (Score:1)

by Presence Eternal ( 56763 )

Apple had a decent enough solution with their certification for routers for Apple Home being able to restrict how such devices behaved after end of support. But I remember only two or so routers that actually had that cert and at least one stopped getting firmware updates six years ago or something.

Re: (Score:2)

by Moryath ( 553296 )

The bigger problem is the number of old devices lying around with a ton of open vulnerabilities. Full disclosure to users of the EOL date, and preferably legislation that manufacturers HAVE to provide security updates for compromise vectors, would be a better set of fixes.

Re: IoT SSID (Score:1)

by Your Father ( 6755166 )

Krebs explained this months ago even though it was obvious well before that: [1]https://krebsonsecurity.com/20... [krebsonsecurity.com]

[1] https://krebsonsecurity.com/2026/01/the-kimwolf-botnet-is-stalking-your-local-network/

Recommended (Score:2)

by JBMcB ( 73720 )

Did it on my home LAN. It's not too hard on a Synology router. The only thing allowed through is a sprinkler controller's web interface facing inwards. The Synology also has a halfway decent IDS that looks for weird outgoing traffic.

A searchable list? (Score:5, Insightful)

by Shakes Fist ( 10502847 )

It would be quite useful to have a database to search and find out what devices I own have been shown as guilty.

Re:A searchable list? (Score:5, Informative)

by Scutter ( 18425 )

No, it's easier to just post a fear-mongering article with no real substance. You can't have people actually *knowing* what tech is compromised or anything.

Voluntary problems are deserved problems. (Score:2)

by couchslug ( 175151 )

I do not use Internet of Trifles junk anywhere on my network for what does not exist is not available for exploitation.

Craving such fecality is pathetic and any consequences deserved because they were invited.

Comcast's Faraday cage (Score:1)

by benjaminedelman ( 1484433 )

Comcast's investigators have the right idea, the devices need to be quarantined in Faraday cages for comprehensive testing. They would know, Comcast owns one of the US's largest FCC registered deployments of Unlicensed National Information Infrastructure band one (U-NII-1) routers. U-NII-1 is everywhere, very little is publicly known about use of the band. These botnet devices could be networked on that range of the spectrum.

Re: (Score:3)

by stabiesoft ( 733417 )

The summary says they are going thru a home router. It is one of the reasons I refuse to allow things like TSTat's to get a wifi password. I don't know what the thing is doing, so it doesn't get access. I think you are suggesting these pic frames etc are running thru some secret network, which I don't think is what the article is suggesting. They are saying they are running thru your network by contacting a bot master once connected to the network.

Re: Comcast's Faraday cage (Score:2)

by benjaminedelman ( 1484433 )

The Faraday cage rules out the use of a secret network. Without isolating the hardware from all vectors of information, the possibility can't be eliminated. Comcast's testing indicates standard WiFi networking, most digital forensics wouldn't even consider U-NII-1 or secret wireless networks. The WSJ video shows off the Faraday gear, it's an interesting setup.

Wishful thinking (Score:5, Interesting)

by spaceman375 ( 780812 )

I periodically go thru my network and enumerate every single device. Things like a picture frame do not get internet access. If a smart plug or light or other IoT device needs net, I won't buy it. My TVs don't get internet; they are either on a Roku or a Linux computer. Connected TVs send "home" screen shots. Roku can only scrape what I watch thru them, so no need to take a screen shot anyway. I had an Amazon Fire TV Cube with a third party network dongle to get better bandwidth than wifi. The dongle kept connecting to Chinese IPs, even when the TV was off for days. That's when I started locking things down. That dongle went in the trash.

If only more people were so nerdily inclined, this would be less of a problem. I wish.
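
An added example, not part of any poster's comment: a small egress check in the spirit of the "weird outgoing traffic" IDS and the device enumeration mentioned in this thread. It flags devices that are missing from the inventory, that reach many distinct unexpected destinations in one window (what a proxy exit node looks like from the LAN side), or that touch mail ports. The flow-record format, inventory, thresholds and addresses are all assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# All values below are constructed for illustration (RFC 5737 documentation ranges).
LAN = ip_network("192.168.0.0/16")
# Device IP -> (label, external networks that device is expected to reach).
INVENTORY = {
    "192.168.30.11": ("picture-frame", [ip_network("203.0.113.0/28")]),
    "192.168.30.12": ("sprinkler", []),
}
MAIL_PORTS = {25, 465, 587, 993, 995}
WINDOW = 300        # seconds per counting bucket
MAX_UNEXPECTED = 5  # distinct unexpected destinations tolerated per bucket

# Flow records as (epoch_seconds, src_ip, dst_ip, dst_port).
FLOWS = (
    [(1000 + i, "192.168.30.11", "203.0.113.5", 443) for i in range(3)]
    + [(1100 + i, "192.168.30.11", f"198.51.100.{i + 1}", 443) for i in range(8)]
    + [(1200, "192.168.30.11", "192.0.2.25", 993),
       (1300, "192.168.30.12", "192.168.10.5", 80),
       (1400, "192.168.30.99", "198.51.100.77", 443)]
)

def flag_devices(flows, inventory=INVENTORY):
    """Return {device_ip: sorted reasons} for devices whose egress looks wrong."""
    unexpected = defaultdict(set)  # (src, bucket) -> unexpected destination IPs
    reasons = defaultdict(set)
    for ts, src, dst, port in flows:
        if src not in inventory:
            reasons[src].add("unknown-device")  # not in the enumerated inventory
            continue
        addr = ip_address(dst)
        if addr in LAN or any(addr in net for net in inventory[src][1]):
            continue  # local traffic or the vendor endpoint this device needs
        unexpected[(src, ts // WINDOW)].add(dst)
        if port in MAIL_PORTS:
            reasons[src].add("mail-port")  # a picture frame has no mailbox to check
    for (src, _bucket), dests in unexpected.items():
        if len(dests) > MAX_UNEXPECTED:
            reasons[src].add("destination-fan-out")
    return {src: sorted(r) for src, r in reasons.items()}

if __name__ == "__main__":
    for device, why in flag_devices(FLOWS).items():
        print(device, why)
```

Counting per window matters: the same eight destinations spread over forty minutes would not trip the fan-out rule, so the window and threshold need tuning against each device's normal behaviour.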

News for nerds (Score:2)

by symbolset ( 646467 ) *

Welcome to 1995.
