Suddenly hot smart home devices are ripe for hacking, experts warn

Suddenly hot smart home devices are ripe for hacking, experts warn

Jennifer Schlesinger Friday, 23 Dec 2016 | 11:28 AM ET | 02:03

Will 2017 be the year your home becomes under attack from cyber criminals?

Experts expect the number of attacks on the Internet of Things (IoT) will likely increase in 2017. IoT includes devices like webcams, DVRs and connected thermostats that make life easier for homeowners, but are susceptible to cyber-intrusions.

These gadgets add conveniences like locking your door or shutting off the lights all from a smartphone app, but they come with certain risks, experts warn.

"The sharks have smelled the blood in the water and they're now circling to use your IoT device for further attacks," said James Lyne, global head of security research for Sophos, a U.K.-based cybersecurity company.

The concerns about technological vulnerabilities come as experts say smart home devices are hot gifts this holiday season. The growing reach of smart devices makes the dangers more acute, some say.

"I think we're going to see real strength in the Internet of Things and it's not just your thermostat, it's going to be everything in your house, your refrigerator, your washing machine, your dishwasher," Jan Kniffen, a consultant specializing in retail and CEO of J. Rogers Kniffen Worldwide, said on CNBC's "On The Money" recently.

Despite the proliferation of smart gadgets, Kniffen suggested consumers were either unaware or unconcerned about hacking risks—and not taking appropriate measures to prevent them.

'More insecure than secure'

In October, hackers took over 100,000 IoT devices and used them to block traffic to well-known websites, including Twitter and Netflix.

"This is just the beginning of cybercriminals finding ways to creatively use the internet of things. Almost like a test attack," Sophos' Lyne said.

The type of attack is known as a distributed denial of services (DDoS).

"To translate it to the physical world, you know when you go to a shop you've got a revolving door," Lyne continued. "It's like getting a ton of your friends to go to this shop and all run around in circles in the revolving door, so no actual customers can get inside," Lyne said.

While the attack is not believed to have cause any lasting damage, sometimes DDoS attacks are used to cover more damaging attacks.

"We've seen cybercriminals previously launch these big attacks against websites to draw everyone's attention in, whilst in the background they conduct a more sinister attack of a financial nature," said Lyne.

"I think all of us, from industry to individuals, to government are going to have to up our game in terms of making sure these devices are safe from the very real threat of cyber hackers."
-Mark Warner, U.S. Senator

This was the first wide-scale attack that used these devices, but as more a more consumers add the devices to their home, attacks are expected to grow.

"We're going to go from 12 billion devices we currently have, to over 30 billion devices by 2020, all interconnected. That's going to add to the ease of our life but if all these devices are easily hacked into it could mean we could have a whole new host of security concerns," said Sen. Mark Warner, a Virginia Democrat. Warner is a member of the Senate Select Committee on Intelligence and co-founder of the Senate Cybersecurity Caucus.

Smarthome devices are vulnerable because of poor programming. "Devices like these often come with a really bad and easy to guess username and password," Lyne said.

Cybercriminals then take over IoT gadgets by searching the web for those with default passwords. Guessing the password allows the hackers to take over the device and harness its processing power for attacks.

Accordingly, a closed caption television camera or DVR "is enough of a reason to attack you so that you can be useful to attack other people. You are a target," said Lyne.

Many of the devices used in the October attack were recalled by Chinese manufacturer, Xiogmai. But according to Lyne, many vulnerable devices are still for sale.

"Chances are right now if you're buying an Internet of Things device, you're more likely to be buying something insecure, than secure," he said.

To help manufacturers, the Department of Homeland Security released strategic principles for IoT just last month, calling it "a matter of homeland security."

However, the principles are not binding or regulatory and experts told CNBC more needs to be done. "To the vendors, you've got a very small window. The cybercriminals have noticed the abhorrent lack of security," said Lyne.

"I think all of us, from industry to individuals, to government are going to have to up our game in terms of making sure these devices are safe from the very real threat of cyber hackers," said Sen. Warner.

To protect yourself, Lyne recommends first deciding if you really need a smart home device in the first place. "You should ask yourself seriously, do you want this device in your home right now, while the industry takes action to fix these problems," he said.

If you do use or buy IoT devices, you should change the default password and make sure to update the software.

"If you do have one of these devices, make sure you're running the latest version of the software, because lots of manufacturers have issued fixes," Lyne said.


http://www.cnbc.com/2016/12/25/suddenly-hot-smart-home-devices-are-ripe-for-hacking-experts-warn.html

Comments

Post a Comment

Popular posts from this blog

Report: World’s 1st remote brain surgery via 5G network performed in China

World’s 1st remote brain surgery via 5G network performed in China Published time: 17 Mar, 2019 13:12 ·           A Chinese surgeon has performed the world’s first remote brain surgery using 5G technology, with the patient 3,000km away from the operating doctor. Dr. Ling Zhipei remotely implanted a neurostimulator into his patient’s brain on Saturday, Chinese state-run media  reports . The surgeon manipulated the instruments in the Beijing-based PLAGH hospital from a clinic subsidiary on the southern Hainan island, located 3,000km away. The surgery is said to have lasted three hours and ended successfully. The patient, suffering from Parkinson’s disease, is said to be feeling well after the pioneering operation. The doctor used a computer connected to the next-generation 5G network developed by Chinese tech giant Huawei. The new device enabled a near real-time connection, according to Dr. Ling.  “You barely feel that the patient is 3,000 kilometers away,”  he said.
Read more

BMW traps alleged thief by remotely locking him in car

BMW traps alleged thief by remotely locking him in car Stealer's Wheel? Seattle police department quotes "Watchmen" movie in a recap of the recent arrest. Tech Culture by Gael Fashingbauer Cooper December 4, 2016 5:00 PM PST It's maybe the most satisfying arrest we can imagine. Seattle police caught an alleged car thief by enlisting the help of car maker BMW to both track and then remotely lock the luckless criminal in the very car he was trying to steal. Jonah Spangenthal-Lee, deputy director of communications for the Seattle Police Department, posted a witty summary of the event on the SPD's blog on Wednesday. Turns out if you're inside a stolen car, it's perhaps not the best time to take a nap. "A car thief awoke from a sound slumber Sunday morning (Nov. 27) to find he had been remotely locked inside a stolen BMW, just as Seattle police officers were bearing down on him," Spangenthal-Lee wrote. The suspect found a ke
Read more

Visualizing The Power Of The World's Supercomputers

Visualizing The Power Of The World's Supercomputers   BY TYLER DURDEN FRIDAY, JAN 21, 2022 - 04:15 AM   A supercomputer is a machine that is built to handle billions, if not trillions of calculations at once. Each supercomputer is actually made up of many individual computers (known as nodes) that work together in parallel. A common metric for measuring the performance of these machines is  flops , or  floating point operations per second . In this visualization,  Visual Capitalist's Marcus Lu uses  November 2021 data from  TOP500  to visualize the computing power of the world’s top five supercomputers. For added context, a number of modern consumer devices were included in the comparison. Ranking by Teraflops Because supercomputers can achieve over one quadrillion flops, and consumer devices are much less powerful, we’ve used  teraflops  as our comparison metric. 1 teraflop = 1,000,000,000,000 (1 trillion) flops. Supercomputer Fugaku  was completed in March 202
Read more