NCTA — The Internet & Television Association

Was Your DVR Used in a DDoS Attack?

Was Your DVR Used in a DDoS Attack?


This past September, KrebsOnSecurity, a website dedicated to news and information on internet security, was struck by a record breaking denial of service attack. A month later, a similar attack took place against Dyn, an internet infrastructure company. Soon after, NCTA produced a helpful graphic explaining how a DDoS attack like the ones that struck KrebsOnSecurity and Dyn work by taking advantage of unsecured internet-of-things devices like cameras and thermostats to overwhelm and crash servers and infrastructure.

It was widely reported that part of the cacophony of devices used in these DDoS attacks were DVRs. When most of us hear DVR, we think of the device that our TV provider gives us to record TV shows. But were the DVRs that were used in these attacks those same DVR’s? And more importantly, are the DVR’s so many of us have in our homes secure?

DVR, or digital video recorder, is a generic term that refers to any physical hard drive used to record video. The vast majority of DVRs are actually like this one, a simple black box used to record closed circuit security camera footage, not the ones distributed by TV providers. It spends most of its life sitting in a closet recording, erasing, and re-recording closed circuit camera footage. For businesses on a budget, paying a lot for a device that does such an unglamorous job doesn’t make sense, so the cheapest DVR will do, even if it’s compromised by poor or limited security features.

On the other hand, when your TV provider refers to a DVR, they’re using the generic term, but they’re talking about a much more advanced and secure device that lets you record and play back TV shows. The core premise is fundamentally the same – record video – but the execution is very different.  Here’s how:


  • Your TV provider DVR does not use a default password. The DVRs that were compromised in the DDoS attack do. This made them much easier to hack and access for nefarious purposes.
  • Your TV provider DVR doesn’t require you to drop home network security features like firewalls in order to properly use them. As bizarre and counterintuitive as it sounds, the manuals for many of the cheap DVRs and network security cameras compromised in the attack instructed their users to open their firewalls to enable remote access making them far more vulnerable.
  • Your TV provider DVR doesn’t have any built in “back doors” that could be accessed and exploited by hackers. Again, as strange as it sounds, the cheap DVRs and security cameras used in the attack have these back doors built right in, ready to be exploited.


The fact is, there’s no way to 100 percent guarantee any device connected to the internet is secure or that it can’t be used in a DDoS attack. But the DVRs used in the recent DDoS attacks were particularly insecure. The DVR that your TV provider gives you is vastly more safe and protected.

Still, there’s more work to be done to make sure DVRs and all web-connected devices, including those provided by TV and internet companies, are as secure as possible. NCTA along with many of our members and other technology companies belong to technology security groups like BITAG, an organization dedicated to creating industry consensus on how to deal with technical internet issues like security and network management. Their recent report explores how we can all create a better, safer, more secure internet of things experience.

While standards are getting sorted out and agreed upon, there are basic precautions everyone can take to better protect their homes and devices. At a minimum, change the default password on all of your internet connected devices and make sure your home network firewalls are up and running.

This blog also appeared in CTAM Smartbrief. To sign up, click here.