The idea of a botnet was spawned back in the days when most people were still using IRC to chat with each other over the Web. Thousands of virus-infected computers would simply flood the gates of a server until it either could no longer process requests or simply crashed.
In effect, many (if not most) DDoS attacks were carried out this way, and most hackers still use some form of the same methodology (infect a bunch of computers, then send them out to attack). Despite botnets having a long history with personal computers, their modern form is composed of CCTV cameras, washing machines, and advanced home and business routers. These new devices make up a new layer of the internet called the Internet of Things (IoT), and the vulnerabilities foreseen by my colleague Sarah Li Cain in her piece here have come to fruition.
Attacks Carried Out By CCTV Cameras
A year after we covered the security vulnerabilities in the IoT, I spotted a possible catch in the home automation trend, which led me to write about how it could make the prospect of hacking rather interesting. We’re entering a point in our history where computers are no longer the dominant devices connected to the internet.
Because CCTV cameras, routers, sensors, and even traffic lights are beginning to have their own IP addresses, hackers are beginning to see them as a possible haven for exploitation. By maneuvering through this connected world, mischievous people can raise entire armies of non-computational devices to do their bidding, expanding the potential of a DDoS attack beyond foreseeable limitations.
An excellent example of this is the attack carried out on 22 September 2016 against Brian Krebs, clocking in at 620 gigabits per second. Rates like these can make it difficult for small data centers to rise above DDoS threats. Krebs’ host was forced to drop services as a result of this attack.
How It Happens
While the notion of infecting a traffic signal with a virus is absurd, it’s not entirely impossible. However, the most likely way in which hackers are making use of these devices to attack servers is by spoofing connection requests. This is done by sending a message to a device that forces it to send a connection request to a particular IP (the sender’s address on that message is forged to be the victim’s, so the device’s reply lands on the victim). Doing this in a loop makes the device flood whatever IP suits the attacker’s fancy. By attacking in this manner, the hacker doesn’t need to go through the laborious process of infecting the device, which makes the whole process more enticing to lazier folks.
Preventing DDoS from IoT-connected devices is not very difficult, but it involves participation from firmware developers. By making devices respond only to commands that come from one particular endpoint, you’ve already eliminated the possibility of a reflection attack. Where this isn’t possible, spoofing could be prevented by placing devices in a closed private network, so outsiders cannot interact with them at all. In the worst-case scenario, devices could be programmed to ignore commands from peers that “spam” them (e.g. sending a connection command more than three times in the span of one second).
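To make the firmware-side mitigations above concrete, here is an added example (written for this article, not code from any real device firmware) of a small filter that sits in front of a device’s command handler. It applies the two software measures the post describes: accept commands only from one trusted controller endpoint, and ignore any source that sends more than three commands in one second. The controller address, the rate-limit numbers, the block duration and the sample messages are all constructed assumptions for the demonstration.

```python
from collections import defaultdict, deque
from typing import Deque, Dict, List, Optional, Tuple

# Assumed values for this example (constructed, not taken from the post or any product).
TRUSTED_CONTROLLER = "10.0.0.5"   # the one endpoint allowed to issue commands
RATE_LIMIT = 3                    # commands per source per window before it counts as spam
WINDOW_SECONDS = 1.0
BLOCK_SECONDS = 30.0              # how long a spamming source is ignored afterwards


class CommandFilter:
    """Decides whether an incoming command/connection request is served or dropped."""

    def __init__(self, trusted: Optional[str] = TRUSTED_CONTROLLER,
                 rate_limit: int = RATE_LIMIT, window: float = WINDOW_SECONDS,
                 block: float = BLOCK_SECONDS) -> None:
        self.trusted = trusted          # None means "no single controller": rate limit only
        self.rate_limit = rate_limit
        self.window = window
        self.block = block
        self._recent: Dict[str, Deque[float]] = defaultdict(deque)  # timestamps per source
        self._blocked_until: Dict[str, float] = {}

    def _is_spamming(self, src: str, now: float) -> bool:
        # Sliding window: keep only the timestamps from the last `window` seconds.
        q = self._recent[src]
        q.append(now)
        while q and now - q[0] > self.window:
            q.popleft()
        return len(q) > self.rate_limit

    def check(self, src: str, now: float) -> Tuple[bool, str]:
        # Mitigation 1: only the configured controller may command the device.
        if self.trusted is not None and src != self.trusted:
            return False, "untrusted source"
        # Mitigation 2: a source that spammed us recently is ignored until its block expires.
        until = self._blocked_until.get(src)
        if until is not None and now < until:
            return False, "source blocked"
        if self._is_spamming(src, now):
            self._blocked_until[src] = now + self.block
            return False, "rate limit exceeded"
        return True, "accepted"


def replay(messages: List[Tuple[float, str, str]],
           flt: Optional[CommandFilter] = None) -> List[str]:
    """Run (timestamp, source_ip, command) triples through a filter; return each verdict."""
    if flt is None:
        flt = CommandFilter()
    verdicts = []
    for ts, src, cmd in messages:
        _, reason = flt.check(src, ts)
        verdicts.append(reason)
    return verdicts


# Constructed sample traffic as seen by the device: a legitimate controller, one outsider,
# then the controller's address repeated fast enough to count as spam.
SAMPLE_MESSAGES = [
    (0.0, "10.0.0.5", "CONNECT 198.51.100.7"),
    (0.1, "203.0.113.9", "CONNECT 198.51.100.7"),   # not the controller
    (0.2, "10.0.0.5", "CONNECT 198.51.100.7"),
    (0.3, "10.0.0.5", "CONNECT 198.51.100.7"),
    (0.4, "10.0.0.5", "CONNECT 198.51.100.7"),      # fourth command within one second
    (0.5, "10.0.0.5", "CONNECT 198.51.100.7"),      # still inside the block period
    (31.0, "10.0.0.5", "STATUS"),                   # block has expired, window is empty again
]

if __name__ == "__main__":
    for (ts, src, cmd), verdict in zip(SAMPLE_MESSAGES, replay(SAMPLE_MESSAGES)):
        print(f"{ts:5.1f}s  {src:>12}  {cmd:<22} -> {verdict}")
```

Note the order of the checks: the rate limit is applied even to the trusted controller’s address, because a forged packet can carry that address just as easily as any other. That is why the post’s network-level advice (a closed private network that outsiders cannot reach) still matters; the allowlist and the rate limit only shrink the traffic a device is willing to reflect, they do not make a spoofed packet detectable on their own.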
How do you think we should approach IoT security against DDoS attacks? Tell us in a comment!