As you may be aware there have been a few rather high-profile DDOS attacks in recent weeks. They all have one thing in common…they leverage common network attached devices that have been compromised, or at least left unsecure.
Many of these devices have been found to be network attached cameras. Brian Krebs has a great post on the matter. The table of most common devices includes IP cameras from several manufacturers, some printers and consumer routers.
I take exception to the BBC headline that reads "Webcams used to attack Reddit and Twitter recalled." Their use of the term webcam is egregiously in error.
By definition, a "Webcam:"
- Has not been a factor in these DDOS attacks.
- Are not network attached devices.
- Are usually USB connected to a computer.
- Are not able to do anything without the host computer.
While you may think me pedantic about the headline, the BBC’s overly broad definition of a "webcam" does their audience a disservice. There’s simply no need to have every granny who video chats with her grandkids worried about the one-eyed Logitech menace atop her monitor.
Quite plainly, it’s the router, Dropcam, Nest thermostat or Skybell that she should be worried about. Not that those products have been cited as problematic, but by virtue of the fact that they are network connected, they at least might be compromised.