{"id":16821,"date":"2016-12-01T05:00:32","date_gmt":"2016-12-01T13:00:32","guid":{"rendered":"http:\/\/www.yardi.com\/blog\/?p=16821"},"modified":"2020-12-24T21:55:58","modified_gmt":"2020-12-25T05:55:58","slug":"smart-homes-dumb-security","status":"publish","type":"post","link":"https:\/\/www.yardi.com\/blog\/smart-homes-dumb-security\/","title":{"rendered":"Smart Homes, Dumb Security"},"content":{"rendered":"<p>On October 21, 2016, many of the world\u2019s most popular websites were incapacitated by a series of distri<img loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-16833\" src=\"https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2016\/11\/shutterstock_309691097.jpg\" alt=\"shutterstock_309691097\" width=\"555\" height=\"370\" srcset=\"https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2016\/11\/shutterstock_309691097.jpg 1000w, https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2016\/11\/shutterstock_309691097.jpg?resize=768,512 768w, https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2016\/11\/shutterstock_309691097.jpg?w=400 400w, https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2016\/11\/shutterstock_309691097.jpg?w=500 500w, https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2016\/11\/shutterstock_309691097.jpg?w=600 600w, https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2016\/11\/shutterstock_309691097.jpg?w=720 720w, https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2016\/11\/shutterstock_309691097.jpg?w=800 800w\" sizes=\"auto, (max-width: 555px) 100vw, 555px\" \/>buted denial of service (DDoS) attacks. Users trying to blast off a tweet or listen to their favorite track on Spotify suddenly found themselves stranded on 404-error pages or stalled by perpetual \u201cloading\u201d messages on their browser. The culprit? Massive denial of service attacks overwhelming servers and cutting off access.<\/p>\n<p>While DDoS attacks are actually quite commonplace (though not always as widespread), this time the method of was a little different. Rather than travel along traditional online pathways, the attackers commandeered all manner of unsecured Wi-Fi-enabled devices to turn the internet of things into a battering ram. By exploiting the security vulnerabilities of connected gadgets, from fridges to DVRs, the latest attack highlighted the smart home\u2019s Achilles heel.<\/p>\n<p>Major DNS host Dyn told <a href=\"https:\/\/www.dynstatus.com\/incidents\/nlr4yrr162t8\" target=\"_blank\" rel=\"noopener\">CNBC in October<\/a> the attack was \u201cwell planned and executed, coming from tens of millions of IP addresses at the same time.\u201d<\/p>\n<p><strong>Taking Down Twitter<\/strong><\/p>\n<p>Why are DDoS attacks so effective? It starts the how Domain Name Services (DNS) work. The DNS operates in many ways like a traffic controller at a busy intersection. When users click a link to a webpage, the DNS directs that user to twitter. During a DDoS attack, the webpage itself is left unscathed, but all the roads leading to it are jammed with service requests in something akin to rush hour traffic. In effect, users are left stranded on the service highway, their destination in sight but with no means to get there.<\/p>\n<p>As security expert Bruce Schneier\u00a0<a href=\"https:\/\/www.schneier.com\/blog\/archives\/2016\/09\/someone_is_lear.html\" target=\"_blank\" rel=\"noopener\">explained in a recent blog post<\/a>, \u201cOver the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet.\u201d<\/p>\n<p>\u201cThese probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down.\u201d<\/p>\n<p><strong>Assessing the Damage<\/strong><\/p>\n<p>The October 21 attack incapacitated DNS providers across the US and Europe. Almost no type of website was spared, from consumer products to real estate listings to news sites. Pinterest, Zillow, Kayak, the New York Times\u2026all found themselves cut off from users as the DDoS ambush spread across the western hemisphere. The entire event lasted for hours, and while the damage hasn\u2019t been fully assessed, the greatest fear is what this level of infiltration means for the future of the internet.<\/p>\n<p>This is because the October attack significantly differed from previous incursions by groups like hacker collective Anonymous. In the past, perhaps one individual website was incapacitated for a short amount of time, like CNN. In this case, the DDoS attack was massive, taking out \u201ca major piece of the internet backbone for the entire morning \u2013 <a href=\"http:\/\/gizmodo.com\/this-is-probably-why-half-the-internet-shut-down-today-1788062835\" target=\"_blank\" rel=\"noopener\">not once, but twice<\/a>.\u201d<\/p>\n<p>\u201cThis event was not your conventional DDoS attack, writes Gizmodo\u2019s <a href=\"http:\/\/gizmodo.com\/everything-we-know-about-the-cyber-attack-that-crippled-1788147865\">William Turton<\/a>. \u201c Instead, it seems to be the first large-scale attack using IoT devices.\u201d<\/p>\n<p>\u201cBecause of the estimated billions of available unsecured IoT devices,\u201d he continues, \u201cthese attacks could allow for an unprecedented amount of DDoS power\u2014enough power to take down major pieces of internet infrastructure protected by some of the best DDoS mitigation in the business. That\u2019s exactly what we saw on [October 21].\u201d<\/p>\n<p><strong>A New Era of Threats<\/strong><\/p>\n<p>Assessing the aftermath of the October attack, Gizmodo writer <a href=\"http:\/\/gizmodo.com\/todays-brutal-ddos-attack-is-the-beginning-of-a-bleak-f-1788071976\" target=\"_blank\" rel=\"noopener\">Turton<\/a> warns of a bleak future full of political conspiracies and foreign hackers waging online war against their adversaries.<\/p>\n<p>\u201cDetails of the how the attack happened remain vague,\u201d writes Turton, \u201cbut one thing seems certain. Our internet is frightfully fragile in the face of increasingly sophisticated hacks.\u201d<\/p>\n<p>\u201cThis could be the beginning of a very bleak future,\u201d he concludes. \u201cIf hackers are able to take down the internet at will, what happens next?\u201d<\/p>\n<p>Unfortunately, it\u2019s the smart devices intended to make our lives easier that may pose the biggest threat. A <a href=\"https:\/\/www.akamai.com\/us\/en\/our-thinking\/state-of-the-internet-report\/global-state-of-the-internet-security-ddos-attack-reports.jsp\">new report<\/a> by Akamai, a leading content delivery network (CDN) services provider, places the blame squarely on the shoulders of the Internet of Things. While the Akamai report acknowledges that DDoS attacks decreased by 8% in 2016, the number of mega attacks \u2013 attacks that consumer over 100 Gbps of bandwidth \u2013 increased by 58%, and it\u2019s smart devices that are enabling hackers to harness this bandwidth.<\/p>\n<p><strong>Smart Things Security<\/strong><\/p>\n<p>To keep a home network clean and secure, Gizmodo\u2019s <a href=\"http:\/\/gizmodo.com\/your-unsecure-devices-contributed-to-a-huge-rise-in-int-1788995749\" target=\"_blank\" rel=\"noopener\">Alex Cranz<\/a> recommends following standard security protocol: change your password and turn on your router\u2019s firewall. Unfortunately, that\u2019s pretty much the entire scope of what consumers can do to mitigate attacks. Cranz points out manufacturers bear most of the burden of securing their devices and software. Until added levels of security are programmed into smart home appliances, says Blank, \u201cyou can expect to see more outages.\u201d<\/p>\n<p>\u201cThese devices have all become increasing popular over the last five years,\u201d writes Cranz, \u201cbut the security they employ is too sparse.\u201d<\/p>\n<p>\u201cThat leaves them a ripe target for hackers, who can infect them easily and deploy them en masse for gigantic attacks.\u201d<\/p>\n<p><a href=\"http:\/\/cosmoso.net\/gizmodo-is-wrong-ddos-attacks-are-not-evidence-of-a-bleak-future\/\" target=\"_blank\" rel=\"noopener\">Cosmoso.net<\/a>, on the other hand, isn\u2019t quite so pessimistic. Pointing out that the October attack focused on one DDoS Service provider (Dyn), Cosmoso\u2019s puts the emphasis on centralization rather than integration.<\/p>\n<p>\u201cToday, we saw a great example of the perils of monopolizing the net. A DDoS attack (distributed denial of service) that targeted one of the biggest DNS providers in the country ended up downing the websites of Twitter, Netflix, Amazon, Shopify, Spotify and thousands of other smaller businesses for a good 6 \u2013 7 hours. That sounds scary, for sure. However, the fact that all the services affected were using the same DNS service,\u00a0<a href=\"http:\/\/cosmoso.net\/leaving\/?url=http:\/\/dyn.com\/\" target=\"_blank\" rel=\"noopener\"><strong>Dyn<\/strong><\/a>, means that internet businesses shouldn\u2019t all be using the same services to run their websites.\u201d<\/p>\n<p>\u201cLast I checked, the internet is so vast, with literally millions of new websites popping up every day, that it\u2019s not even close to accurate to say that anyone can &#8216;take down the internet.&#8217; If someone wanted to do that, they\u2019d have to do something a lot bigger than a simple DDoS attack at a DNS provider.&#8221;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On October 21, 2016, many of the world\u2019s most popular websites were incapacitated by a series of distributed denial of service (DDoS) attacks. Users trying to blast off a tweet or listen to their favorite track on Spotify suddenly found themselves stranded on 404-error pages or stalled by perpetual \u201cloading\u201d messages on their browser. The [&hellip;]<\/p>\n","protected":false},"author":103,"featured_media":16833,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_s2mail":"yes","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6],"tags":[9,1640,359,76],"class_list":["post-16821","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-consumer-technology","tag-cybersecurity","tag-online-security","tag-technology-2"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v23.4 (Yoast SEO v24.6) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Yardi Blog<\/title>\n<meta name=\"description\" content=\"On October 21, 2016, many of the world\u2019s most popular websites were incapacitated by a series of distributed denial of service (DDoS) attacks. Users\" \/>\n<meta name=\"robots\" content=\"noindex, follow\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Smart Homes, Dumb Security\" \/>\n<meta property=\"og:description\" content=\"On October 21, 2016, many of the world\u2019s most popular websites were incapacitated by a series of distributed denial of service (DDoS) attacks. Users\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.yardi.com\/blog\/smart-homes-dumb-security\/\" \/>\n<meta property=\"og:site_name\" content=\"Yardi Blog\" \/>\n<meta property=\"article:published_time\" content=\"2016-12-01T13:00:32+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-12-25T05:55:58+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2016\/11\/shutterstock_309691097.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"667\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Cutright Elizabeth\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Cutright Elizabeth\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.yardi.com\/blog\/smart-homes-dumb-security\/\",\"url\":\"https:\/\/www.yardi.com\/blog\/smart-homes-dumb-security\/\",\"name\":\"Smart Homes, Dumb Security - Yardi Corporate Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.yardi.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.yardi.com\/blog\/smart-homes-dumb-security\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.yardi.com\/blog\/smart-homes-dumb-security\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2016\/11\/shutterstock_309691097.jpg\",\"datePublished\":\"2016-12-01T13:00:32+00:00\",\"dateModified\":\"2020-12-25T05:55:58+00:00\",\"author\":{\"@id\":\"https:\/\/www.yardi.com\/blog\/#\/schema\/person\/dba832121806bbec3d280d6cdde90b4d\"},\"description\":\"On October 21, 2016, many of the world\u2019s most popular websites were incapacitated by a series of distributed denial of service (DDoS) attacks. Users\",\"breadcrumb\":{\"@id\":\"https:\/\/www.yardi.com\/blog\/smart-homes-dumb-security\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.yardi.com\/blog\/smart-homes-dumb-security\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.yardi.com\/blog\/smart-homes-dumb-security\/#primaryimage\",\"url\":\"https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2016\/11\/shutterstock_309691097.jpg\",\"contentUrl\":\"https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2016\/11\/shutterstock_309691097.jpg\",\"width\":1000,\"height\":667},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.yardi.com\/blog\/smart-homes-dumb-security\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.yardi.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Smart Homes, Dumb Security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.yardi.com\/blog\/#website\",\"url\":\"https:\/\/www.yardi.com\/blog\/\",\"name\":\"Yardi Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.yardi.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.yardi.com\/blog\/#\/schema\/person\/dba832121806bbec3d280d6cdde90b4d\",\"name\":\"Cutright Elizabeth\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.yardi.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4016b5eabd512619820fc63946d01cd983acc211f98fbc559a890a5b4b27c559?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4016b5eabd512619820fc63946d01cd983acc211f98fbc559a890a5b4b27c559?s=96&d=mm&r=g\",\"caption\":\"Cutright Elizabeth\"},\"description\":\"Elizabeth Cutright is an award-winning writer and editor with over 20 years of experience in journalism, publishing and online content creation. A film school grad with a law degree from the University of San Diego, outside of work Elizabeth can usually be found in the pool, on a hiking trail, or sampling Santa Barbara\u2019s latest vintage.\",\"url\":\"https:\/\/www.yardi.com\/blog\/author\/elizabeth-cutright-2\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Yardi Blog","description":"On October 21, 2016, many of the world\u2019s most popular websites were incapacitated by a series of distributed denial of service (DDoS) attacks. Users","robots":{"index":"noindex","follow":"follow"},"og_locale":"en_US","og_type":"article","og_title":"Smart Homes, Dumb Security","og_description":"On October 21, 2016, many of the world\u2019s most popular websites were incapacitated by a series of distributed denial of service (DDoS) attacks. Users","og_url":"https:\/\/www.yardi.com\/blog\/smart-homes-dumb-security\/","og_site_name":"Yardi Blog","article_published_time":"2016-12-01T13:00:32+00:00","article_modified_time":"2020-12-25T05:55:58+00:00","og_image":[{"width":1000,"height":667,"url":"https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2016\/11\/shutterstock_309691097.jpg","type":"image\/jpeg"}],"author":"Cutright Elizabeth","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Cutright Elizabeth","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.yardi.com\/blog\/smart-homes-dumb-security\/","url":"https:\/\/www.yardi.com\/blog\/smart-homes-dumb-security\/","name":"Smart Homes, Dumb Security - Yardi Corporate Blog","isPartOf":{"@id":"https:\/\/www.yardi.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.yardi.com\/blog\/smart-homes-dumb-security\/#primaryimage"},"image":{"@id":"https:\/\/www.yardi.com\/blog\/smart-homes-dumb-security\/#primaryimage"},"thumbnailUrl":"https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2016\/11\/shutterstock_309691097.jpg","datePublished":"2016-12-01T13:00:32+00:00","dateModified":"2020-12-25T05:55:58+00:00","author":{"@id":"https:\/\/www.yardi.com\/blog\/#\/schema\/person\/dba832121806bbec3d280d6cdde90b4d"},"description":"On October 21, 2016, many of the world\u2019s most popular websites were incapacitated by a series of distributed denial of service (DDoS) attacks. Users","breadcrumb":{"@id":"https:\/\/www.yardi.com\/blog\/smart-homes-dumb-security\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.yardi.com\/blog\/smart-homes-dumb-security\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.yardi.com\/blog\/smart-homes-dumb-security\/#primaryimage","url":"https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2016\/11\/shutterstock_309691097.jpg","contentUrl":"https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2016\/11\/shutterstock_309691097.jpg","width":1000,"height":667},{"@type":"BreadcrumbList","@id":"https:\/\/www.yardi.com\/blog\/smart-homes-dumb-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.yardi.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Smart Homes, Dumb Security"}]},{"@type":"WebSite","@id":"https:\/\/www.yardi.com\/blog\/#website","url":"https:\/\/www.yardi.com\/blog\/","name":"Yardi Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.yardi.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.yardi.com\/blog\/#\/schema\/person\/dba832121806bbec3d280d6cdde90b4d","name":"Cutright Elizabeth","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.yardi.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/4016b5eabd512619820fc63946d01cd983acc211f98fbc559a890a5b4b27c559?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4016b5eabd512619820fc63946d01cd983acc211f98fbc559a890a5b4b27c559?s=96&d=mm&r=g","caption":"Cutright Elizabeth"},"description":"Elizabeth Cutright is an award-winning writer and editor with over 20 years of experience in journalism, publishing and online content creation. A film school grad with a law degree from the University of San Diego, outside of work Elizabeth can usually be found in the pool, on a hiking trail, or sampling Santa Barbara\u2019s latest vintage.","url":"https:\/\/www.yardi.com\/blog\/author\/elizabeth-cutright-2\/"}]}},"jetpack_featured_media_url":"https:\/\/www.yardi.com\/blog\/wp-content\/uploads\/sites\/15\/2016\/11\/shutterstock_309691097.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.yardi.com\/blog\/wp-json\/wp\/v2\/posts\/16821","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.yardi.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.yardi.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.yardi.com\/blog\/wp-json\/wp\/v2\/users\/103"}],"replies":[{"embeddable":true,"href":"https:\/\/www.yardi.com\/blog\/wp-json\/wp\/v2\/comments?post=16821"}],"version-history":[{"count":5,"href":"https:\/\/www.yardi.com\/blog\/wp-json\/wp\/v2\/posts\/16821\/revisions"}],"predecessor-version":[{"id":27651,"href":"https:\/\/www.yardi.com\/blog\/wp-json\/wp\/v2\/posts\/16821\/revisions\/27651"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.yardi.com\/blog\/wp-json\/wp\/v2\/media\/16833"}],"wp:attachment":[{"href":"https:\/\/www.yardi.com\/blog\/wp-json\/wp\/v2\/media?parent=16821"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.yardi.com\/blog\/wp-json\/wp\/v2\/categories?post=16821"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.yardi.com\/blog\/wp-json\/wp\/v2\/tags?post=16821"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}