Skip to main content

Internet of Threats!

The Internet of Things (IoT) is continuing to gain traction with an ever-increasing number of connected devices coming to market. But as tech-savvy consumers begin investing in their first devices for a connected home, what is to stop them becoming a cyber attacker's next target?

While still uncommon, we know that cyber attackers are going after connected consumer devices, demonstrated on a massive scale by the group of Russian hackers who published thousands of live-streaming webcam footage from over 250 countries.

Unless the manufacturers of connected devices take a holistic approach to bolstering their cyber security efforts, these types of attacks will increase in number.

To gain a greater understanding of the cyber security risks that consumers could be exposing themselves to, research was conducted into the cyber security posture of six ‘always-on’ consumer IoT devices. The results were unsettling.

Veracode carried out a set of uniform tests across all the devices and found that all but one exhibited application-related vulnerabilities across web, mobile and cloud services.

Exploiting these vulnerabilities could enable cyber attackers to do a wide variety of things, from running spyware to monitoring all information monitored and even complete control of the device itself. It’s clear these devices were not designed with cyber security in mind.

Where designers are not prioritizing cyber security or privacy, they are putting consumers at risk of a cyber attack or physical intrusion. For example, the information leveraged from anUbi – a WiFi connected, voice-operated computer that allows for hands-free voice interaction in your home – could be used by a criminal to determine exactly when the user is likely to be home, potentially facilitating a robbery or even stalking. 

Alternatively, cyber security vulnerabilities within a Wink Relay device – which  controls lights, heating and even door locks – could allow a criminal to turn on the microphones and listen to any conversations within ear shot of the device, supporting blackmail efforts or capturing corporate intelligence from anyone working in a home office.

Security not a priority to manufacturers

It is not surprising that cyber security hasn’t been prioritised in the production of these devices when considering their lifespan. According to a recent CE Product Lifecycle Study, consumers expect to replace their electronics every five years.

This means that for many manufacturers, the focus is largely on developing the next ‘killer feature’ that makes a consumer’s life easier to stay competitive and acquire a healthy stream of new customers.

Since the average consumer thinks cyber security is an internet issue, cyber security just isn’t a high priority for home automation device manufacturers.

Like any emerging technology, the perceived risk relates to the volume of devices on the market. While there are far greater cyber security risks towards more lucrative targets, such as mobile banking, e-commerce and healthcare self-service applications, there is certainly a growing risk posed by IoT devices.

We may see specific attacks on high-profile targets, such as celebrities and politicians whose information is already of value due to their status. For example, last year the iCloud accounts of celebrities, including Jessica Lawrence and Kim Kardashian, were specifically targeted to leak intimate information and pictures.

What does all this mean for consumers who have bought or are looking to buy connected devices? Buyers need to be aware that these devices come with cyber security risk and should take this into account when choosing what to purchase. Look at the track record of the company who manufactures the product.

Tomorrow’s threat

While cyber security is on every consumer’s mind today, most don’t view home automation technology as a serious threat. After all, why would anyone care what temperature you like the living room set to or if you dim your bedroom lights after dinner?

Everyone must start thinking like a cyber attacker and understand that all information has value to someone. For example, ransomware or cryptolocker-style attacks on PCs are already a common nuisance – locking files or access to your PC altogether until you pay a ransom to regain access.

What’s the impact of such an attack on a home automation device that leads to, “I won’t turn your central heating back on until you wire me £1,000?

While consumers need to be vigilant about the risk of technology in their home, manufacturers need to do a better job of securing their IoT products.

These manufacturers have a responsibility to take steps to minimise the risk of losing users’ sensitive data and to mitigate any risk to the consumers’ physical safety.

While consumers might not be feeling the full effects of these IoT risks now, they should join the cyber security industry in putting pressure on manufacturers to do their upmost to ensure that these cases never arise

Labels:

Comments

Post a Comment

Popular posts from this blog

How to Unlock (and Play) Hidden Chess Game Inside Facebook Messenger

What can you do with Facebook Messenger? Chat with your friends Send GIFs, stickers, and photos Make video calls Send people money in Messenger Have you ever wondered to Play a game while you chat with friends? Yes, it is possible. Facebook had made it to the reality by building a hidden built-in functionality in Facebook Messenger that lets you play Chess with your friends without having to install a third-party app. It just takes one simple step to unlock this hidden game. All you need to do is: type " @fbchess play " and hit Enter, during a conversation, and a small square box would appear in the chat box. Here's how to play: The person who initiated the game would be assigned "White" side, to make the first movement. Although there is some standard algebraic notation like:- B for “Bishop” R for “Rook” Q for “Queen” K for “King” N for “Knight” P for “Pawn” Pawns could b
1 comment
Read more

How to Build a Successful Incident Response Plan

The fight to protect your company’s data isn’t for the faint of heart. As an embattled IT warrior, with more systems, apps, and users to support than ever before, keeping everything up and running is a battle in itself. When it comes to preventing the worst-case scenario from happening, you need all the help you can get, despite your super-hero status. According to SANS, there are 6 key phases of an incident response plan. Preparation -  Preparing users and IT to handle potential incidents in case they happen Identification -  Figuring out what we mean by a “security incident” (which events can we ignore vs. which we must act on right now?) Containment -  Isolating affected systems to prevent further damage Eradication -  Finding and eliminating the root cause (removing affected systems from production) Recovery -  Permitting affected systems back into the production environment (and watching them closely) Lessons Learned -  Writing everything down and reviewing
1 comment
Read more

WannaCry:All about WannaCry

Malicious software or "ransomware" has been used in a massive hacking attack, affecting tens of thousands of computers worldwide. Software security companies said a ransomware worm called "WannaCry" infected about 57,000 computer systems in 99 countries on Friday, with Russia, Ukraine, and Taiwan being the top targets. The hack forced British hospitals to turn away patients, affected Spanish companies such as Telefonica, and threw other government agencies and businesses into chaos. How it works: WannaCry is a form of ransomware that locks up files on your computer and encrypts them in a way that you cannot access them anymore. It targets Microsoft's widely used Windows operating system. When a system is infected, a pop-up window appears with instructions on how to pay a ransom amount of $300. The pop-up also features two countdown clocks; one showing a three-day deadline before the ransom amount doubles to $600; another showing a deadline
Post a Comment
Read more