Wednesday, May 02, 2018 by Edsel Cook
Every smart device you buy straight from the shelves and add to your local internet of things (IoT) is an additional opening for hackers to compromise your home and your safety, according to an article on ScienceDaily.
Cyber researchers from the Ben-Gurion University of the Negev (BGU) have been investigating devices and networks in the smart home and IoT for security issues. As part of their ongoing research, they took apart and reverse-engineered widely-used smart devices.
To their displeasure, they uncovered numerous security issues with baby monitors, security cameras, doorbells, and thermostats, to name a few IoT devices.
“It is truly frightening how easily a criminal, voyeur or pedophile can take over these devices,” reports Dr. Yossi Oren, who leads the Implementation Security and Side-Channel Attacks Lab at Cyber@BGU.
Playing the role of hackers, he and his BGU research team easily found ways to shut down or activate IoT devices remotely. They even projected loud music through the speaker of a baby monitor.
Practically everyone on the team used at least one of the compromised products in their own homes. The horrific lack of security perturbed all of them.
“It only took 30 minutes to find passwords for most of the devices, and some of them were found only through a Google search of the brand,” shared Omer Shwartz, who is one of Dr. Oren’s students and researchers.
“Once hackers can access an IoT device, like a camera, they can create an entire network of these camera models controlled remotely,” he said.
According to the BGU researchers, there are several security gaps in IoT devices that a hacker could take advantage of. Comparable products often have the same default passwords even if they are marketed under different brand names by competing companies. So if you can hack one, you can hack all of them.
Furthermore, people and companies who buy those products rarely change their passwords during their lifetimes. They might not even suspect that their smart device has already been infected with malicious code.
What’s worse is that the BGU researchers were able to infiltrate entire Wi-Fi networks through a single IoT device. And they accomplished it by stealing the password stored in the smart device.
In light of these findings, Dr. Oren exhorted manufacturers to adopt tougher passwords that are not hard-coded into the device, remove remote access capability, and improve the security of shared ports. He was especially appalled by how his fellow Cyber@BGU researchers were able to hack an audio jack and turn simple earphones into makeshift recorders.
“It seems getting IoT products to market at an attractive price is often more important than securing them properly,” he grumbles.
Dr. Oren and his team, therefore, suggest the following tips to protect your IoT devices, family, and business from hackers:
Visit Glitch.News to find out more ways to protect your smart device.