Limp IoT security crashes world’s leading websites

Some of the world's top websites were taken offline due to a recent DDoS attack that was carried out by hijacking IoT devices.

Hackers harnessing Internet of Things (IoT) devices, including smart lights, have crashed some of the world’s biggest websites including Spotify, PayPal and Twitter.

It is no secret, as revenues from LEDs fade, that the lighting industry is placing a big pile of gambling chips on the success of the Internet of Things, but the hack marks the second major security breach in as many months, suggesting IoT is not yet ready for the big leagues.

A handful of the world’s top websites were targeted during the attack, including The New York Times, CNN and Amazon, making this the most high-profile attack to date and one aimed at disrupting the very fabric of the internet in the United States.

The attack was carried out by hijacking thousands of IoT devices, which had previously been infected with malicious code allowing attackers to take control of them. The attackers were then able to perform a distributed denial of service (DDoS) attack by getting the enslaved devices to flood the chosen websites with messages, causing them to crash.

While a claim of responsibility is yet to be made for the attacks, it has been claimed on Twitter that WikiLeaks were responsible.


A tweet issued by WikiLeaks after the DDoS attack on some of the world's leading websites.

Earlier in the month American internet provider OVH was targeted in an attack that involved the manipulation of 150,000 IoT devices.

‘Companies are simply not doing enough to improve IoT security and there is a lack of awareness and a certain laziness in their attitude towards the issue,’ Ken Munro of ethical hacking firm Penetration testing and security services, which identifies weaknesses in internet security, told Lux.


The IoT-powered onslaughts are worsening because of the release of the Mirai botnet source code into the public domain. The code contains the information needed to hack into IoT devices and utilise them in DDoS attacks.

Security experts are worried that IoT devices are being built upon outdated operating systems using code that has not been properly tested for security loopholes, which hackers will exploit. The devices are then being rushed to market.

Munro believes that IoT manufacturers need to act now to prevent much more serious security breaches in the future.

‘Governments are becoming more and more concerned about the security risks that IoT poses, and the UK, US and EU governments are even considering legislation to compel firms to act,’ Munro concluded.

The US Congress, for example, is currently mulling installing some kind of consumer protection into law to protect IoT consumers’ privacy, although talks are still at a very early stage. Calls to act, though, are likely to speed up after this latest attack.

  • Hacking will be discussed in the IoT Arena at this year's Lux Live. In a unique live demonstration, Ken Munro of Penetration testing and security services, the UK’s leading ethical hackers, will conduct live penetration testing to explore the robustness of the systems produced by the industry. You can find out more here. The LuxLive 2016 exhibition will be held in London on Wednesday 23 November and Thursday 24 November 2016. Ken Munro's talk will take place at 11:00am on Thursday 24th of November in the IoT Arena.