IoT devices exposing ‘smart homes’ to risks: Report

Anyone who feels secure in a smart home or owns smart devices now has to be more alert: the latest Internet of Things (IoT) products are a serious threat to the connected home, researchers at Kaspersky Lab claim.

A coffeemaker that exposes the homeowner’s Wi-Fi password, a baby video monitor that can be controlled by a malicious third party, and a smartphone-controlled home security system that can be fooled with a magnet are some of the threats that the researchers at Kaspersky Lab have discovered.

In 2014, David Jacoby, a Kaspersky Lab security expert, decided to investigate his living room and find out how susceptible the devices he owned were to a cyber attack. He discovered that almost all of them were vulnerable. In 2015, a team of Kaspersky’s antimalware experts repeated the experiment with one little difference: while David’s research concentrated mostly on network-attached servers, routers and smart TVs, this latest research focused on the various connected devices available on the smartphone market.

A USB dongle for video streaming, a smartphone-controlled IP camera, a smartphone-controlled coffeemaker, and a smartphone-controlled home security system were the devices selected for the experiment.

During the home security system experiment, Kaspersky Lab experts were able to use a simple magnet to replace the magnetic field of the magnet on the window. This meant they could open and close a window without setting off the alarm. The big problem with this vulnerability is that it is impossible to fix with a software update; the issue is in the design of the home security system itself. More concerning still, magnetic field sensor-based devices are a common type of sensor, used by multiple home security systems on the market.

“Our experiment, reassuringly, has shown that vendors are considering cyber-security as they develop their IoT devices. Nevertheless, any connected, app-controlled device, is almost certain to have at least one security issue. Criminals might exploit several of these issues at once, which is why it is so important for vendors to fix all issues – even those that are not critical. These vulnerabilities should be fixed before the product even hits the market, as it can be much harder to fix a problem when a device has already been sold to thousands of homeowners,” said Victor Alyushin, Security Researcher at Kaspersky Lab.

For protection, Kaspersky Lab experts advise following a few simple rules:

  • Before buying any IoT device, search the Internet for news of any vulnerabilities in that device. The IoT is a very hot topic, and a lot of researchers are doing a great job of finding security issues in products of this kind, from baby monitors to app-controlled rifles. It is very possible that the device you are going to purchase has already been examined by security researchers, and that you can find out whether the issues found in it have been patched.

  • It is not always a great idea to buy the most recent products released on the market. Along with the standard bugs you get in new products, recently launched devices might contain security issues that haven’t yet been discovered by security researchers. The best advice here is to buy products that have already experienced several software updates.

  • When choosing what part of your life you’re going to make a little bit smarter, consider the security risks. If your home is the place where you store many items of material value, it is probably a good idea to choose a professional alarm system that can replace or complement your existing app-controlled home alarm system, or to set up the existing system in such a way that any potential vulnerabilities would not affect its operation. When choosing a device that will collect information about your personal life and the lives of your family, like a baby monitor, it may be wise to choose the simplest RF model on the market, one that is only capable of transmitting an audio signal, without Internet connectivity. If that is not an option, then follow our first piece of advice – choose wisely.