DDoS Attack: How To Identify Vulnerable Devices


DDoS Attacks

ddosOn October 21st, a massive Cyber-Attack impacted major websites such as Airbnb, Etsy, Netflix, Reddit, Spotify and Twitter. The nature of the attack is part of a growing trend of Dedicated Denial of Service (DDoS) attacks that utilize infected Internet of Things (IoT) devices. Examples of IoT devices are security cameras and DVRs. For more information on DDoS attacks and IoT, see two recent DCT articles,
IoT Insecurity – The Biggest Consumer Threat Ever? and The Internet is Officially Dead.

Since the Mirai BotNet was made open source (meaning anyone can use it) earlier this year, there has been an increase in Cyber-Attacks using IoT devices. The October 21st DDoS attack force included 50,000 to 100,000 IoT devices.

What makes a device or ‘thing’ vulnerable? The easiest way for a device to be compromised is if it is still using the default User ID and Password. If your router is still using ‘Admin/Admin’ for its ‘User ID/Password’, change it now!

Are You Compromised?

What if you have a device that is compromised? Anecdotally, if you reset the device, it should remove any malware. All the same, I’d also change its User ID (if possible) and Password.

So how can you tell if you have an infected ‘thing’? BullGuard has a tool called IoT Scanner. If you are unfamiliar with BullGuard (as I was), BullGuard is a top-rated European consumer security company and is a pioneer in the IoT and connected device security for consumers. Its scanning tool uses a vulnerability scanning service, Shodan, to identify whether one of the devices on your network is a known vulnerability. Shodan is a search engine for the Internet of Things. It identifies devices that are publicly accessible on the Internet, making them vulnerable to hackers.

Let’s Find Out

It only takes a few steps to find out if any of your devices have been compromised:


STEP 1:  While on your home network, go to BullGuard’s IoT Scanner.

STEP 2:  Select ‘Check if I am on Shodan’.

bullguard_1-225x400

After the scan is complete, hopefully, you will see this:

bullguard_2-225x400

STEP 3:   You can choose to do a ‘Deep Scan’ to make sure that all of your devices are not vulnerable. While there is a caution that this may result in vulnerable devices being indexed by Shodan, in my opinion, I’d rather know now than find out after the fact if a device is eventually compromised. So, if you’re game, scroll down a bit and select ‘Deep Scan’.

bullguard_3-225x400

STEP 4:  Hopefully, you have no vulnerable devices and will see this:


bullguard_4-225x400

So, in a few simple steps, you can find out if you’ve been compromised or have the potential for that to occur.

About the Author

Judy Novotny

Judy is a computer veteran with 30 years of experience. She has owned everything from a TRS-80, Apple IIe and various Windows-based PCs. She is currently living in her Apple ecosystem at home consisting of an iPhone, iPad, iMac, MacBook, Apple TV, iPod nano and two Time Capsules. She is a fan of all things mobile since she got her first Palm Pilot in 1999. Check out her iPad app, Number Wizard, in the App Store. Follow her on Twitter @junovotech or at Junovo.com.

There are 2 comments

Your email address will not be published. Required fields are marked *