Request a call back from our team

Complete our quick form below and we'll contact you when you're ready to talk to us.
All fields are required.

IoT (Internet of Things) devices still vulnerable to cyber-attacks

cybersecurity month

Over the years, technology has been expanding and digital devices are on the upward trend. The idea of connecting a device to every aspect of the home or office for instance has been appealing to many.

Technology enthusiasts have coined the name Internet of Things (IoT) for these kinds of devices which are connected to the internet allowing them to correspond with each other… An example of this would be telling your device to switch the light on or off.

Security vulnerabilities

However, in recent years, the security of IoT devices has been questioned. It’s common knowledge that every technological device has its downside, but the security and privacy of these IoT devices has been increasingly worrying. These devices collect more personal information about people; for example smart meters allows the sharing of data between devices and notifies the device when you’re at home or not.

Some security experts believe that there isn’t enough attention being given to the security and privacy of IoTs when they’re created. This point is proven in multiple situations where cyber-hackers have hacked into smart thermostat systems, smart lock systems, and smart fridge systems, as examples.

Smart thermostats

To highlight the vulnerabilities in these ‘smart’ systems, researchers from IT security firm Pen Test Partners, Andrew Tierney and Ken Munro, demonstrated a ransomware attack on a smart thermostat at the DefCon security conference in August 2016. The Wi-Fi enabled thermostat is basically a Linux computer. It allows the user to change their settings through an SD card, and the researchers show that this is where cyber-hackers can install a malicious programme onto the device. The malicious programme can then allow the attacker to have full control over the thermostat. Though cyber-hackers may need physical access to the device, it’s a real-threat that hackers can access the thermostat easily.

Smart fridges

Just to reinstate the multiple issues with IoT devices, Pen Test Partners demonstrated another smart device that’s vulnerable to hacking; a fridge. In 2014, a Samsung smart fridge (model number RF28HMELBSR), which is controlled by their Smart Home app, was hacked and started sending spam emails. The app is designed to download Gmail Calendar information to an on-screen display. Cyber-hackers who join on the same network can steal Google login information.

Smart locks

Anthony Rose and Ben Ramsey from Merculite Security show that smart locks are just as vulnerable as, or even more-so, than the traditional method of locking with a key. They show that smart locking systems have a long way to go before they can guarantee 100% safety. Mr Rose and Mr Ramsey tested 16 locks from manufacturers including iBluLock, Masterlock, and Quicklock at the DefCon conference; 12 of the 16 failed.

The testing revealed passwords in plain text, which can allow cyber-hackers to access the data if they have a Bluetooth connection. Other smart locking systems such as Lagute and Ceomate were found to be vulnerable to a replay attack. These attacks can allow cyber-hackers to snatch the signal when users’ lock or unlock their doors, to then re-use the method of the locking and/or unlocking method. A replay attack has been around for decades; it’s believed that it was first used to open garage doors. It’s egregious that the issue has been around for so long, but innovators of these IoT devices still choose to push forward with this type of modern technology, seemingly without proper considerations for the security and privacy vulnerabilities that evidently exist.

Vulnerabilities must be addressed

Creators of IoT devices must address their security vulnerabilities before placing it on the market. If they don’t, the consequences of hacking such devices could be devastating.

Sources:

https://www.theguardian.com/technology/2015/may/06/what-is-the-internet-of-things-google

https://thenextweb.com/gadgets/2016/08/08/thermostats-can-now-get-infected-with-ransomware-because-2016/#.tnw_fcTNOSAX

http://www.theregister.co.uk/2015/08/24/smart_fridge_security_fubar/

https://thenextweb.com/insider/2016/08/09/buying-a-smart-lock-might-be-a-dumb-investment/#.tnw_pTYYWjwx

https://www.theguardian.com/technology/2015/may/06/what-is-the-internet-of-things-google

https://thenextweb.com/gadgets/2016/07/27/this-is-why-im-still-wary-of-the-internet-of-things/#.tnw_79OX1P3h

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.Information on how we handle your data is available in our Privacy Policy.
Related Post

This website uses cookies.