A slight diversion of focus for this post… This past Friday (Oct. 21st), there were large distributed denial-of-service attacks (targeted at servers maintained by the company Dyn) which affected many major sites, including Netflix and Twitter. It appears that thousands of the DDoS sources were “internet of things” devices like webcams… and some of those are now being recalled:
Webcams used to attack Reddit and Twitter recalled – http://www.bbc.com/news/technology-37750798
The Chinese electronics manufacturer Hangzhou Xiongmai stated that many of their cameras could be easily hacked since users didn’t bother to change the default password on their devices. A bigger issue is that some devices don’t even allow users to change a default password. The BBC article states “Security costs money and electronics firms want to make their IoT device as cheap as possible. Paying developers to write secure code might mean a gadget is late to market and is more expensive. Plus enforcing good security on these devices can make them harder to use – again that might hit sales.”
…So, they get a chance of a slightly greater profit margin at the risk of a massive cyberattack that knocks out hugely popular websites used daily by millions of people? And they risk the enormous expense of needing to recall and upgrade their devices after such an attack occurs? Hmm…lesson learned??