On 10/23/2016 01:29 AM, Guy Dawson wrote: > It's not so much an attack on IoT as with IoT. The worm's ( assuming > a compromised IoT device is used to compromise others - I'm not sure > about this) job is to make IoT devices available to a control system > so that IoT devices can be used to generate the loads needed in DDOS > attacks. > > The attackers would rather you did not know your IoT devices were > compromised as that way you'll leave them connected to the Internet > and under their control.
I contrast NFC and IoT. At least to me, "IoT" implies an Internet-connected device. NFC implies only that there's a device that can communicate wirelessly with nearby devices. Having said that, if one prowls the web for vulnerabilities in, say, DSL modems, it's shocking. Many, if not most, are running some sort of Linux, usually BusyBox (not known for its security). There are millions of the things out there, many with telnet enabled and still with the default password. The ISPs who distribute these things usually view them as "black boxes" and apparently have little interest in security. Whether or not some malefactor can hack a Carrier or Trane connected thermostat is something that I've not researched. --Chuck
