Smart devices straight off the shelf have horrible security

Wednesday, May 02, 2018 by

Every smart device you buy straight from the shelves and add to your local internet of things (IoT) is an additional opening for hackers to compromise your home and your safety, according to an article on ScienceDaily.

Cyber researchers from the Ben-Gurion University of the Negev (BGU) have been investigating devices and networks in the smart home and IoT for security issues. As part of their ongoing research, they took apart and reverse-engineered widely-used smart devices.

To their displeasure, they uncovered numerous security issues with baby monitors, security cameras, doorbells, and thermostats, to name a few IoT devices.

“It is truly frightening how easily a criminal, voyeur or pedophile can take over these devices,” reports Dr. Yossi Oren, who leads the Implementation Security and Side-Channel Attacks Lab at Cyber@BGU.

Playing the role of hackers, he and his BGU research team easily found ways to shut down or activate IoT devices remotely. They even projected loud music through the speaker of a baby monitor.

Practically everyone on the team used at least one of the compromised products in their own homes. The horrific lack of security perturbed all of them.

“It only took 30 minutes to find passwords for most of the devices, and some of them were found only through a Google search of the brand,” shared Omer Shwartz, who is one of Dr. Oren’s students and researchers.

“Once hackers can access an IoT device, like a camera, they can create an entire network of these camera models controlled remotely,” he said.

Hackers know the default password for your IoT smart device

According to the BGU researchers, there are several security gaps in IoT devices that a hacker could take advantage of. Comparable products often have the same default passwords even if they are marketed under different brand names by competing companies. So if you can hack one, you can hack all of them.

Furthermore, people and companies who buy those products rarely change their passwords during their lifetimes. They might not even suspect that their smart device has already been infected with malicious code.

What’s worse is that the BGU researchers were able to infiltrate entire Wi-Fi networks through a single IoT device. And they accomplished it by stealing the password stored in the smart device.

In light of these findings, Dr. Oren exhorted manufacturers to adopt tougher passwords that are not hard-coded into the device, remove remote access capability, and improve the security of shared ports. He was especially appalled by how his fellow Cyber@BGU researchers were able to hack an audio jack and turn simple earphones into makeshift recorders.

“It seems getting IoT products to market at an attractive price is often more important than securing them properly,” he grumbles.

Be smart about protecting your smart home and smart devices

Dr. Oren and his team, therefore, suggest the following tips to protect your IoT devices, family, and business from hackers:

  • Get your IoT devices from manufacturers and vendors you trust.
  • Don’t buy used IoT devices. There might already be malware in them.
  • Find out if a smart device has a default password. Change the password before you add it to your network.
  • Use long and strong passwords. Dr. Oren recommends a minimum of 16 characters.
  • Do not use the same password on more than one device.
  • Always update your software. By extension, only get your software from trusted manufacturers.
  • Don’t connect a device to the internet just because you can. Decide whether or not the benefits of internet access outweigh the security risks.

Visit Glitch.News to find out more ways to protect your smart device.

Sources include:

ScienceDaily.com

Wired.com



Comments

comments powered by Disqus