Published on 6/21/2026
|
Last update: 18:40 (Mecca time)
Modern cyberattacks no longer rely solely on hacked computers or infected servers, but rather take advantage of millions of smart home devices connected to the Internet, such as surveillance cameras, routers, smart TVs, digital photo frames, and streaming devices. While the owners of these devices believe that they are performing their normal functions, they may in fact be part of a global criminal network used to carry out large-scale electronic attacks without their knowledge.
An investigation conducted by the American newspaper “The Wall Street Journal” shed light on this phenomenon, explaining that some cheap smart devices may reach consumers already equipped with hidden software or features that allow them to be transformed into tools within criminal networks known as “botnets” or robot networks.
The newspaper indicates that some of these devices begin passing data traffic to external parties as soon as they are connected to the Internet, which turns the home user’s connection into part of the infrastructure that malicious parties exploit to carry out their operations.
What are botnets?
A botnet is a network of devices connected to the Internet that are hacked and managed remotely via a command and control server. These networks usually include Internet of Things (IoT) devices such as cameras, routers, and network storage systems, in addition to computers and smartphones.
According to researchers in the field of cybersecurity, attackers do not need to control powerful devices, but rather rely on the huge number of infected devices, as hundreds of thousands or even millions of devices can send simultaneous requests to a specific target, which gives attackers enormous computing and network power.
Why are home appliances an ideal target?
The problem is that many IoT devices are not designed with strict security standards, and a large number of them operate with default passwords or the manufacturer stops issuing security updates for them shortly after their launch.
A study published on the arXiv platform showed that 3 out of 4 devices tested were vulnerable to infection with the Mirai software when running with their default settings, which reflects the weakness of the built-in protection in a large number of commercial devices.
Black Lotus Labs, a subsidiary of the American company Lumen Technologies, also revealed campaigns that targeted home routers and Internet of Things (IoT) devices that had exited the security support period, and were able to build networks that included tens of thousands of hacked devices around the world.
From “Mirai” to more advanced networks
Mirai is the most famous example of home devices being exploited for cyberattacks. In 2016, the software was able to infect hundreds of thousands of cameras and routers, and used it to carry out one of the largest distributed denial-of-service (DDoS) attacks at the time, which caused the disruption of major Internet services.
Despite the passage of years since its appearance, the leaked “Mirai” code led to the emergence of dozens of upgraded versions, which began to exploit new vulnerabilities and target different types of Internet of Things devices, until there was no longer a single dominant model for botnets, but rather multiple families that were constantly evolving.
From home appliances to an “electronic army”
The danger of these networks is that they can transform millions of dispersed devices into a cyber army that operates in a coordinated manner. When a command is issued from the control server, all devices begin sending huge amounts of data towards a targeted website or digital service, which leads to being flooded with requests and disabled through distributed denial-of-service attacks.
But the use is not limited to that, as some botnets have also become “residential proxy networks,” where attackers pass Internet traffic through hacked home devices to hide their identities, carry out electronic fraud, or bypass protection systems that depend on geographic location and Internet address.
The threat has evolved to the infrastructure level
Modern botnets have become more organized and stronger than before. In 2024, the American authorities revealed the dismantling of the “Raptor Train” network, which – according to a Wall Street Journal report – is one of the largest botnet networks linked to entities supported by China, and during its years of operation, it included more than 260,000 routers, cameras, and network storage systems spread in homes and small offices around the world.
On the other hand, the American newspaper warned that dismantling some networks does not mean the end of the danger, as the same devices are often re-controlled by other criminal groups, entering into new, more powerful networks, capable of carrying out standard attacks that threaten not only websites, but also parts of the Internet infrastructure.
How can this phenomenon be reduced?
Cybersecurity experts believe that confronting this problem requires joint responsibility between manufacturers and users. The most prominent procedures include:
- Change default passwords immediately after turning on the device.
- Install firmware updates periodically.
- Purchase devices from companies that provide long-term security support.
- Isolate IoT devices in a separate network from computers and phones when possible.
- Monitor home network traffic to detect any abnormal activity.
According to experts, home appliances are no longer just tools for daily use, but can turn into active elements in cross-border cyber attacks. Some devices may carry security risks from the moment they are purchased, while research by cybersecurity companies confirms that the weak design of Internet of Things devices and their lack of updates make them a constant target for attackers.
