California Attorney General Kamala Harris warns public, IoT device makers

The massive botnet attack launched against domain name server (DNS) service provider Dyn earlier this month prompted an announcement from California Attorney General Kamala Harris, Monday, where she urged consumers and device developers to protect against future attacks. The attack took many popular websites — including Box, GitHub, PayPal and Twitter — partially or completely offline on Oct. 21.

Harris urged makers of Internet-connected devices like those used in the attack to focus more heavily on security, and for citizens to take whatever measures are necessary to protect their devices from another Distributed Denial of Service (DDOS) attack.

The attack took advantage of the common practice of devices shipping with default usernames and passwords that people are often unaware of or seldom change. Harris explained in her plea to the public to search online for instructions on how to update passwords and protect their devices.

“While the primary responsibility for building security into [the Internet of Things] lies with the industry, individual consumers can also take steps to protect their homes, cars and personal information from automated scripts searching the Internet for vulnerable devices,” Harris’ office wrote. “To date, manufacturers and developers have not made these steps very clear, and they should update their company websites to help consumers safeguard against and combat botnet attacks.”

General instructions on how to change a device password followed along with a link to the Attorney General’s Privacy Enforcement and Protection Unit website.