IoT Cameras and DVRs as DDoS Reflectors: Pros and Cons from Hacker’s Perspective

Abstract

The Mirai attacks of 2016 have shown the devastating DDoS potential of compromised IoT devices (primarily IoT cameras and DVRs), when nearly half a million of these devices were used to launch some of the largest and most devastating DDoS attacks recorded to date. One would hope that a full year later, the users and administrators of Internet-facing IoT devices have taken at least the basic measures towards reducing the likelihood that their devices get recruited as facilitators/executors of direct or reflected DDoS attacks. Unfortunately, the results of our recent study involving real-world IoT cameras and DVRs are rather discouraging as they show that: 1) with the existence of publicly accessible IoT search engines, such as Shodan, it has become easier than ever for hacker to discover and compromise IoT devices, of any kind and anywhere in the world, and 2) a significant number of these devices are inadequately protected against TCP-SYN floods and DDoS reflection - either by means of firewalls or at the OS-level. The aim of this article is to serve as a wake-up call to the users and administrators of Internet-facing IoT devices, and alert to the need to better protect these devices form being coopted by hackers for purposes of DDoS attacks.