As the number of smart devices entering households across the UK explodes, a report from Which? has suggested that half are vulnerable to a cyber attack from hackers.
Smart devices now span a wide range of products, including the latest toys that parents give to their children. A survey of 15 devices by the consumer group Which? found that eight were vulnerable to hacking via the internet, Wi-Fi or Bluetooth connections. It said ethical hackers broke into the CloudPets toy and made it play its own voice messages – any stranger, therefore, could use the method to speak to children from outside.
Commenting on this, Ben Hertzberg, research group manager at Imperva, said: “The main threat with the Internet of Things (IoT) is that there are billions of internet-connected devices where basic security standards are not enforced. Devices are shipped with default credentials (sometimes without the ability to change them), vulnerabilities in their web interfaces, remote update procedures and more. With Gartner estimating that 20.8 billion of these devices will be in use by 2020, the problem may grow from a nuisance to a catastrophe. The danger is not only their use as a weapon for denial of service attacks, but also other risks like using the devices as a platform to infiltrate networks and using the devices to remotely view sensitive material.”
“The surge of IoT systems is accompanied by a surge of breaches. As in previous IoT hacks, like the teddy bear hack and some of the recent vehicle hacks, the tendency is to focus on the end device, the potential of someone taking control and the nature of the data that was poorly protected, bringing the cyber threats to the most intimate places of our lives.”
Everything is now connected via the Internet of Things (IoT), and for the most part, the out-of-the-box security embedded into these devices is weak and easily hacked. This potentially allows hackers to exploit devices like Amazon’s Echo, as well as the Google Home device. By accessing a connected toy, for example, the ethical hackers used in the study were able to send commands to Amazon Echo – like voice purchasing. These devices, or similar devices, will eventually be used for the maintenance and security of the home.
Amazon did note, however, that it is possible to turn voice purchasing off through the Alexa app.
Which? said: “Building on a recently published flaw, SureCloud hacked the toy and made it play its own voice messages. Scarily, anyone could use the same method to speak to children from outside in the street.”
“This is a real privacy concern and we found thousands of similar cameras available for anyone to watch the live feed over the internet. Worse still, the hacker can even pan and tilt the cameras to monitor activity in the house.”
Alex Neill, of Which?, said: “There is no denying the huge benefits that smart home gadgets and devices bring to our lives. However, consumers should be aware that some of these appliances are vulnerable and offer little or no security. There are a number of steps that people can take to better protect their home, but hackers are growing increasingly more sophisticated. Manufacturers need to ensure that any smart product sold is secure by design.”
The report also found a vulnerability in the Virgin Media Super Hub 2 router, allowing easy access onto the home’s Wi-Fi network. “After SureCloud gained access to our Wi-Fi network, it could easily control any devices that didn’t require a password.”
As a result, Virgin Media said yesterday that it is advising around 800,000 customers with the router to change their password immediately.
Commenting on the news, Cesare Garlati, chief security strategist at the prpl Foundation, suggests some prevention methods for concerned citizens.
“For those concerned about the security of smart home devices – start with basic home router or home gateway best practice: 1) Regularly check for router firmware updates 2) Change default password on router 3) Configure firewall policies 4) Enable MAC filtering 5) Use guest network for guest devices 6) Use guest network for home devices 7) Disable UPnP 8) Close all ports on your firewall.”