StarHub outage: Experts sound alarm on attacks by 'smart' devices

Lack of regulation over their security standards puts them at risk

According to security experts, web cameras could become a rising force of disruption. PHOTO: ST FILE

Security experts have warned that armies of unsecured "smart" devices like Web cameras could become a rising force of disruption, following two cyber attacks on StarHub that came from its customers' infected machines.

Mr Alex Tay, Netherlands-based digital security firm Gemalto's Asean head of identity and data protection, said these Internet-connected devices are especially vulnerable as there is no regulation over their security standards.

"The lack of consideration for security controls within such devices is giving hackers the ability to take ownership of them," said Mr Tay.

For instance, devices such as routers and network cameras have default credentials and passwords that users rarely change.

Cyber criminals can hack into them and turn them into zombie machines that flood targeted systems with requests to bring them down. This is known as a distributed denial-of-service (DDoS) attack.

Attacks on StarHub's network last Saturday and on Monday came on the heels of a similar DDoS attack last Friday on United States- based Internet infrastructure provider Dyn.

A piece of malware called Mirai reportedly infected traffic cameras, which became zombie machines that overwhelmed Dyn's systems.

That resulted in a massive Internet disruption on the east coast of the US, cutting off access to websites such as The New York Times site and Spotify.

In a similar way, StarHub's subscribers could not surf the Web for about two hours on each occasion.

"We cannot rule out the possibility that the DDoS attack on StarHub was caused by malware Mirai, given that the source code has been released online," said Mr Sanjay Aurora, British-based cyber security firm Darktrace's Asia-Pacific managing director.

Intel Security's vice-president of consumer business David Freer said consumers should take extra precautions. "To make sure you are not part of a DDoS attack, set challenging passwords for your devices and change them regularly," he said.

According to research firm Gartner, the number of such connected devices - excluding smartphones and computers - is estimated to reach 21 billion by 2020, from 4.9 billion last year.

Given the increasing connectedness of day-to-day appliances, the Cyber Security Agency and the Infocomm Media Development Authority also jumped in to warn users to adopt good cyber hygiene. "It takes a collective effort from companies and society to bolster our cyber resilience," they said in a joint statement yesterday.

Join ST's Telegram channel and get the latest breaking news delivered to you.

A version of this article appeared in the print edition of The Straits Times on October 27, 2016, with the headline StarHub outage: Experts sound alarm on attacks by 'smart' devices. Subscribe