Your smart refrigerator could one day attack your bank, and you probably wouldn’t even know it.
As connected devices become more popular in homes and businesses, experts say hackers may eventually be able to use them for a long-running tech threat: botnets.
Botnets occur when multiple devices are infected with malicious code and formed into a network, said Robert Clyde, the board director of Rolling Meadows-based global information systems association ISACA.
Once hacked, the devices send information back to the hacker controlling the network, Clyde said. The more devices a botnet has control of, the more powerful it can be.
“As long as the bad guys own your device, they may be searching your device or searching the network it’s connected to to see what else they can infect,” Clyde said. “They may be searching for info like credit cards that can be sold on the dark web.”
With a larger-scale botnet, hackers can command devices like a small army, directing them en masse to attack a website or an Internet server. Hackers can buy botnet services on the dark web, or sell a bot network as a tool.
Traditionally, botnets are made up of PCs and routers. If that old computer at grandma’s was running slow, for example, it could have been part of a botnet. They run incognito, and a slowdown may be the only sign a device is infected.
Most Internet of Things devices are still too primitive to be useful in a botnet — their simplistic operating systems can’t handle it, Clyde said. But he has seen botnets rope in more sophisticated surveillance cameras. Smart TVs and gaming consoles also have enough processing capacity to be targets.
As the presence and capabilities of connected devices continue to increase, they could become more useful in botnets, he said.
By 2020, 50 billion devices are expected to be connected to the Internet, according to an AT&T study. The troops are amassing for the hackers, said Gerry Kane, cybersecurity segment director at insurance provider Zurich North America in Schaumburg.
“(Hackers) can put together an enormous botnet compared to the ones they’re able to put together today,” he said. “Which is very powerful, particularly for conducting something like a denial of service attack.”
It’s not just consumers buying Internet of Things devices — businesses are investing as well. A 2015 study from consultant McKinsey & Co. estimated the economic value surrounding the Internet of Things could be worth $1.1 trillion — about 11 percent of the global economy — by 2025.
This swift increase of devices is part of what opens so many holes, Kane said.
“Security usually takes a back seat to time to market when these devices are being produced,” he said. “It means they’re susceptible to hackers much more than they should be.”
One way to protect most devices, like smartphones and computers, is to update their software, which often closes security holes. But sometimes it’s not so easy with the Internet of Things.
“Generally, the vulnerabilities are not known, and even when they are, they are very difficult to fix when they’re in the field,” Kane said. “Which is why it’s so important to address these things early on in the development cycle.”
For now, consumers should keep an eye out for updates, and create strong passwords when they can, Clyde said.
“We’re at the early stage of the attack trend,” he said. “But I do expect it to get much bigger.”