Looking at a random sample of the latest products technologyς Internet of Things (IoT), her researchers Kaspersky have discovered major threats to interconnected homes.
Among the products examined include: a coffee maker displaying its code Wi-Fi the homeowner, a baby monitor that can fall into the control of a malicious third party, and a home security system that can be controlled by smartphone, which can be deceived through a magnet.
2014, David Jacoby, a Kaspersky Lab expert, decided to investigate which of his home appliances could be vulnerable to a digital assault. In his experiment, He discovered ότι σχεδόν όλες τους ήταν ευάλωτες. Μετά από αυτό, το 2015 μια ομάδα της Kaspersky Lab επανέλαβε το πείραμα με μία μικρή διαφορά: ενώ η έρευνα του David εστιάστηκε κυρίως σε διασυνδεδεμένους server, router and smart TV, the latest research focused on the various "smart" devices available in the market.
The devices selected for the experiment were the following: a USB device for video streaming, an IP camera, a coffee maker and a smartphone-controlled home security system. Her research Kaspersky he discovered that almost all of these devices included vulnerable points.
During the experiment, a baby monitor camera allowed a hacker using the same network as the owner to connect to the camera, watch videos recorded on it, and run sound features on the camera itself. Other cameras from the same manufacturer allowed hackers to collect owners' passwords. Also, the experiment showed that it was possible for a hacker to regain the password from the camera and maliciously change its firmware.
With regard to smart application-controlled coffee makers, it is not even necessary for the hacker to be on the same network as the victim. The coffee maker tested during the experiment sent so many unencrypted information that was enough for an attacker to discover the password for the owner's Wi-Fi network.
When testing a smartphone-controlled home security system, Kaspersky Lab researchers found that the system software had only minor issues and was secure enough to withstand a digital attack. However, a vulnerability was detected in one of the sensors used by the system.
The contact sensor, designed to trigger the alarm when a door or window opens, operates by locating a magnetic field emitted by a magnet placed on the door or window. When the door or window opens, the magnetic field disappears, causing the sensor to send alarm messages to the system. However, if the magnetic field remains in place, no alarm alerts should be sent.
During the home security system experiment, Kaspersky Lab specialists were able to use a simple magnet to replace the magnetic field of the magnet in the window.
This meant they could open and close a window without activating the alarm. The big problem with this vulnerability is that it is impossible to fix it with a software update. The issue is to design the security system itself. Most alarming is that devices based on magnetic field sensors are a common type of sensors used in many systems that are on the market.
“Our experiment showed that most providers of 'smart' devices give importance to the issue of digital security when developing IoT products. However, any connected and app-controlled device will almost certainly have at least one security issue. Criminals could take advantage of quite a few of these. For this reason, it is important that all these issues are fixed – even those that are not critical. These vulnerabilities must be fixed before a product is released to the market, as it can be much more difficult to fix a problem when a device has already been sold to thousands of owners"Said Victor Alyushin, Kaspersky Lab Security Investigator.
To protect the lives and loved ones of the dangers of vulnerabilities in "smart" IoT home appliances, it is good for consumers to follow the following simple tips from Kaspersky Lab experts:
- Before buying any IoT device, check the Internet for news about any vulnerabilities in that device. IoT is a "hot topic" and many researchers are doing great work in finding the security issues faced by these products (from baby monitors to weapon-controlled applications). It is very likely that the device you are going to purchase has already been tested by security researchers and it is possible to see whether the items found on the device have been repaired.
- It's not always a good idea to buy newly released products. Together with the standard bugs often accompanying new products, recently launched devices may have security issues that have not yet been discovered by security researchers. The best advice in this case is to buy products that have already gone through several software updates.
- When you choose which part of your life you will be a bit more "smart", consider the security risks. If your home is the place where you store a lot of material value, it's probably a good idea to choose a professional alarm system that can replace or complement already existing and application-controlled alarm systems in your home. You can also set up the existing system in such a way that potential vulnerabilities do not affect its operation. When choosing a device that will collect information about your personal life and your family's life (eg a baby monitor), it might be wise to choose the simplest wireless market model that is only able to emits a beep without being connected to the Internet. If this is not an option for you, then follow the first advice and choose wisely.
More details are available on the Kaspersky website Securelist.com.
