The Malignant Internet of Things
According to Business Insider, there will be an estimated 34 billion devices connected to the internet by 2020, with 24 billion of these being IoT devices. Paired with exponential growth in cloud computing, the internet of things is revolutionizing manufacturing, transportation, agriculture, and daily home life. However, a dangerous problem accompanies this massive growth in the Internet of Things: botnets.
Botnets are a network of hacked devices that do the biddings of a botnet ‘master’, and are typically composed of traditional devices like personal computers infected with a virus. However, this January it was revealed by Sucuri Security that a botnet of over 25,000 CCTV cameras were used to launch a distributed denial of service (DDoS) attack against a website. This form of attack is unconventional, but given that IoT devices are much less protected compared to personal computers or mobile devices, IoT botnets are likely to become the norm in the future.
So should companies and individuals take steps to mitigate this potential problem? This question boils down to a game of profits and losses. From the perspective of a company or individual, it is important to judge the potential damages that not investing in securing an IoT device (or product) may have, as opposed to the actual costs involved in doing so. From the perspective of a hacker, factors such as the profit that can be gained from acquiring a botnet of IoT devices versus the costs involved in acquiring one comes into play. After determining the potential profits and costs of each competing ‘player’ and their strategies, we may now apply game theory to make a decision. By adopting a mixed strategy we could even quantitatively determine either how much to invest in the security of IoT devices, or how much to pay for (or how much effort to put into hacking) compromised IoT devices.
Finally, with the projected growth in the number of IoT devices and with it the number of vulnerable devices connected to the internet, it may be a dominant strategy for everyone to invest in more secure devices. (While at the same time, it would be a dominant strategy for hackers to invest in IoT botnets.)
http://www.businessinsider.com/top-internet-of-things-trends-2016-1
http://www.scmagazine.com/malware-spawns-botnet-in-25000-connected-cctv-cameras/article/505945/
http://www.darkreading.com/iot/hacker-2016-to-do-list-botnet-all-the-things!/d/d-id/1323759