The security around the development of Internet of Things products is weak and U.S. Sen. Mark R. Warner (D-Va.) today sent a letter to the Federal Communications Commission (FCC), the Federal Trade Commission (FTC) and the Department of Homeland Security (DHS) to ask why and what can be done to fix the problem.
In the letter, Warner, who is a member of the Senate Select Committee on Intelligence and co-founder of the bipartisan Senate Cybersecurity Caucus, asked questions such as: What types of network management practices are available for internet service providers to respond to DDoS threats? And would it be a reasonable network management practice for ISPs to designate insecure network devices as “insecure” and thereby deny them connections to their networks, including by refraining from assigning devices IP addresses?
“The weak security of many of the new connected consumer devices provides an attractive target for attackers, leveraging the bandwidth and processing power of millions of devices, many of them with few privacy or security measures, to swamp internet sites and servers with an overwhelming volume of traffic,” Sen. Warner said in a statement. “I am interested in a range of expert opinions and meaningful action on new and improved tools to better protect American consumers, manufacturers, retailers, Internet sites and service providers.”
Weak security features in many IoT products can enable access to user data by hackers, create easy entry points to home or work networks, and allow hackers to hijack devices into enormous botnets used to send crippling amounts of data to specific internet sites and servers, Warner said. “Botnets are frequently referred to as ‘zombie computers,’ the metaphor is appropriate: bad actors infect unsuspecting computers and network devices with malware, sending remote commands to hordes of compromised computers to maliciously cripple parts of the Internet. Experts say that is what occurred on [last] Friday, temporarily affecting Twitter, Netflix, PayPal and other popular sites.”