Numerous smart watches, coffee makers, vacuum cleaners, and even cars are now part of what is called the Internet of Things (IoT), a catch-all term for the connected devices weâre growing to love and rely on. At least in theory, the IoT should make our lives simpler and more convenient; hence its rising popularity.
However, thereâs a flip side: security. Unfortunately, manufacturers are not overly concerned with the security of Internet-connected devices, so almost any âsmartâ device is vulnerable and thus potentially dangerous. Kaspersky Lab investigated what threats are lurking in the IoT.
Is the IoT dangerous?
IoT devices often have weak security that is very easy to bypass. Criminals are only too happy to take advantage: The number of malicious programs attacking the IoT has more than doubled this year. Worldwide, smart devices now number 6 billion, and many of them are vulnerable, making them a juicy prospect for intruders.
Hacked IoT devices can be used for DDoS attacks, channeling the combined power of lots of, say, Wi-Fi routers to flood and cripple a server. That was exactly what the infamous Mirai botnet did, for example, when it took down dozens of the worldâs largest Web services nearly a year ago.
Itâs not only botnets that make use of Internet-connected smart devices. For example, having hacked into a smart webcam, an attacker can start spying on its owner. Nothing is sacred in the IoT, and even childrenâs toys are not immune. Cybercriminals can exploit an unprotected Bluetooth connection to speak to a child in the guise of his or her favorite Furby or teddy bear, or spy on your youngster with the help of a doll.
Last but not least, some criminals simply break IoT devices, putting them out of operation. That was the modus operandi of the BrickerBot worm. Attacked gadgets simply turned into dumb plastic and metal.
Know your enemy
Kaspersky Lab decided to perform a vulnerability check of eight smart things: a smart charger, an app-controlled and webcam-equipped toy car, a receiverâtransmitter for smart-home systems, a smart scale, a vacuum cleaner, an iron (yes, a smart iron!), a camera, and a watch.
The results were not encouraging. Of the eight devices only one proved to be secure enough, while the remaining gizmos did not boast reliable protection. Many of them used weak default passwords, which in some cases couldnât even be changed, and others left confidential information open to interception.
Among the other smart things our experts examined was a popular âspyâ toy â a phone-app-controlled car with a built-in camera. Connecting to the phone didnât even require a password, so the car could be controlled by absolutely anyone. This spy-on-wheels can record sound and video, allowing criminals to amass blackmail material and more on the gadgetâs owner.
How to live in the IoT world
Hereâs what we advise to stay secure when using smart devices:
Weigh the pros and cons before buying. Look for information about previous attacks on the gadget youâre interested in. Perhaps some hacking stories have already surfaced on the Internet.
Always change the default password to something more complex. If the device doesnât let you change the password, reconsider whether you really need it.
If you still want to buy the device, think about ways to lessen the risks of attack. Kaspersky Lab has released a beta version of Kaspersky IoT Scanner, a free security solution for smart gadgets. Kaspersky IoT Scanner checks your home Wi-Fi network, determines which devices are connected to it, and tells you whether they are securely protected.
Source: kaspersky.com