DVRs Used in DynDNS DDoS Attacks 'Particularly Insecure,' Not Typical Devices, NCTA Says
NCTA Senior Director-Digital Strategy John Solit said the DVRs that were among connected devices used as vehicles for the October distributed denial-of-service attacks against DynDNS “were particularly insecure. The DVR that your TV provider gives you is vastly more safe and protected.” The Dyn DDoS attacks caused outages and latency for multiple major U.S. websites, including Netflix and Twitter (see 1610210056). The attacks led to increased congressional scrutiny of IoT cybersecurity, including a November joint House Commerce Communications/Trade Subcommittee hearing (see 1610260067 and 1611150059). “There’s no way to 100 percent guarantee any device connected to the internet is secure or that it can’t be used in a DDoS attack,” Solit said in a Thursday blog post. “There’s more work to be done to make sure DVRs and all web-connected devices, including those provided by TV and internet companies, are as secure as possible.” Solit noted a recent Broadband Internet Technical Advisory Group report that included guidelines and recommendations aimed at helping consumer IoT manufacturers and other providers improve device privacy and security (see 1611220030). “While standards are getting sorted out and agreed upon, there are basic precautions everyone can take to better protect their homes and devices,” Solit said. “At a minimum, change the default password on all of your internet connected devices and make sure your home network firewalls are up and running.”