Millions are at serious risk of being hacked without even knowing it, with fitness trackers, smart TVs and even children’s toys among the most vulnerable items, according to new research from consumer security firm BullGuard.
Commenting on this, Ben Hertzberg, research group manager at Imperva, said: “The main threat with the Internet of Things (IoT) is that there are billions of internet-connected devices where basic security standards are not enforced. Devices are shipped with default credentials (sometimes without the ability to change them), vulnerabilities in their web interfaces, remote update procedures and more. With Gartner estimating that over 20 billion of these devices will be in use by 2020, the problem may grow from a nuisance to a catastrophe. The danger is not only their use as a weapon for denial of service attacks, but also other risks like using the devices as a platform to infiltrate networks and using the devices to remotely view sensitive material.
“The surge of Internet of Things systems is accompanied by a surge of breaches. As in previous IoT hacks, like the teddy bear hack and some of the recent vehicle hacks, the tendency is to focus on the end device, the potential of someone taking control and the nature of the data that was poorly protected, bringing the cyber threats to the most intimate places of our lives. In many cases, it is not the device itself that was exploited, but the server through which the device was connecting to the Internet or mobile application along with the interaction between them. The security community well understands that a web server open to the Internet presents a target for any hacker located anywhere on the planet, and without proper security controls in place, getting hacked is only a question of time. However, it seems that for IoT servers, which share essentially the same risks, it will take some time and some more creepy hacks, for the security surrounding the IoT servers to reach this maturity.
“We’re seeing those devices being used in other malicious activities like probing websites for vulnerabilities and attempting to take over accounts. In conclusion – every company that’s selling devices that connect to the internet must know that in that moment they become a target, and will probably not have a lot of grace time before they start getting attacked.”
Chris Clark, principal security engineer at Synopsys, added: “Who doesn’t want a £5.99 plushy that can speak to you? But therein lies the challenge. Consumers need to be more aware of the types of technologies brought into the home and how they could be used. Consumers can also look to organisations, such as UL, that provide some level of assurance that the products purchased and certified by UL are more robust than low-cost throwaway consumer devices. As consumers start to require more secure products from manufacturers, they will be forced to follow the most basic of cyber hygiene development practices which would reduce the potential threat considerably.”