Internet of Things

In 2016 concerns about securing the Internet of Things for the future saw plenty of airtime and column centimetres devoted to it by industry commentators.  As 2016 ends IoT security appears to be featuring prominently for all the wrong reasons courtesy of some malicious code called Mirai. 

Mirai is proving to be a very dangerous piece of IoT malware. It has been developed to scan the internet for insecure IoT devices such as routers, DVR’s and cameras. Once Mirai finds and infects these devices they then become part of a botnet army which can then be used to launch large scale Distributed Denial of Service (DDoS) attacks.

Mirai came to prominence during September after it was used to create an attack against a Dynamic DNS Service provider in the US called DynDNS. The attack, which lasted the best part of a day, impacted many users as hundreds of services including Netlink, Twitter and AirBnB became inaccessible.   

Subsequently similar attacks have hit Telcos including Deutsche Telekom in Germany, Talk Talk in the UK and Eircom in Ireland. Home routers supplied to their customers have been infected with Mirai and thereafter used to create DDoS attacks that severely affected service provision. In Germany just under a million customer routers were affected and taken offline. The manufacturers identified as having vulnerable router equipment “in the field” include Zyxel, DLink, ZTE and Billion.    

The original variant of this IoT malware gains access to devices using a brute-force attack to apply many possible default user and password combinations from the various equipment manufacturers via a telnet or SSH session. A second variant exploits a router management protocol used by the Telcos to remotely manage devices. In both cases once the device has been infected remote administration functions are disabled making attempts to fix the issue by applying a software update impossible.

Because many IoT devices are based on cheap computing technology they will continue to be easy targets for malicious malware. Getting the equipment manufacturers to all agree to build in better security will be challenging. Whilst simplistic, it may be feasible to enforce a login and password change from the factory default setting after installation – even more simplistic…….should we just expect that the users of the equipment are responsible for changing the default login and password setting after installation ? – currently it is estimated 500,000 devices are infected by Mirai and its variants.   

Whilst the recent DDoS examples appear to have created minimal damage one does wonder if 2017 will be the year when we see some seriously negative outcomes as we scramble to develop an antidote for this malicious and infectious activity.  

To download the booklet – Building a Trusted Foundation for the Internet of Things – CLICK HERE

If you would like to discuss this or any other security requirements, please don't hesitate to contact Sameer Shaikh



The Team at MPA wish all the best for the Holiday Season.

Seasons Greetings


Sameer Shaikh -

Sameer has over 11 years of experience in sales and customer service roles in the technology, financial, wholesale trade and retail sector in India, UAE, United Kingdom and New Zealand.

At MPA Sameer is applying his expertise in customer management and business development to maintain existing business relationships as well as developing new business opportunities.

He also shares responsibility in the sales and purchase order entry and logistics areas.

Sameer has a Bachelor of Science degree.

Latest Security Problems Solved

Internet of Things More >
HTTPS – Uptake Set to Accelerate in 2017 More >
Addressing Endpoint Security Challenges More >
Taking a Different Approach to Endpoint Security More >
Our Solutions
Security Solutions

We work with leaders in the fields of data protection, authentication and perimeter security to protect your organisation and manage any threats with the most effective security systems. More >

Technical Services

MPA New Zealand Ltd provides a range of technical services to compliment the vendor technology our company brings to the local market. More >