August 25, 2019

IoT Vulnerability

IoT vulnerability

Do you have an idea of what IoT devices are capable of? If so, then you are probably thinking about ways to protect your personal data from scammers.

Smart devices can be harmful!

Anything can be considered a smart device - just have an Internet connection and remote control capabilities. It can be a coffee maker, fitness tracker, thermal sweat - anything. All these items were created to simplify our lives.

And they can bring us a lot of problems. Most developers, when stamping their smart irons and kettles on the assembly line, had no idea that anyone might want to crack them. Everything that makes life easier for us can become our enemy, go to the dark side.

Now smart devices are in danger, as are their owners. In this article we will tell you how to save yourself and your loved ones from information leakage.

The dark side of the Internet of things

The protection of smart devices is now lame - manufacturers rely on design and functionality, but they are silent about resistance to attacks, software updates and other important things. Now any device connected to the network can be made a bot, which will be part of a criminal cyber group.

Infected refrigerators and multicookers can be used as cryptocurrency miners and for DDoS attacks. And if there are several hundred thousand such devices, then you can already commit more serious crimes. When there are a lot of bots, they can engage in spamming with malicious programs that are designed to steal passwords and money from accounts. You can distribute false advertising, blackmail, infect other devices - a lot of opportunities.

Almost all malware can be purchased at Darknet stores. There you can buy yourself an army of infected smart devices or just rent them out. There are devices whose source codes are publicly available. Prices do not bite, by the way.

You can collect dozens of bots and fight rivals bots (this is already practiced). The winner gains fame and all infected toasters. So, take a look at your slow cooker - maybe she doesn’t understand pilaf, but fights with other slow cookers in the vastness of the virtual world.

Bots compete with each other, trying to replace the malicious code of other devices with their own. Gaining control of all possible smart devices is the # 1 goal of every cyber-attacker. To do this, hackers even fix vulnerabilities that allowed previous owners to gain access to the device so that no one could certainly infect it again. All in order not to lose control and build up the army of bots.

The real danger of the internet of things

The tasks that currently performed by infected microwaves and air conditioners may at first glance not seem particularly dangerous. Everyone was taught not to click on the links that strangers send by mail, and you can reveal a hidden miner in a few clicks! And what happens if the villains decide to go further?

You can infect an entire network of the Internet of things with malware through a single device. To demonstrate this mechanism in the field, an experimental attack was carried out. As part of the study, the firmware in one smart lamp was changed, which was able to give the opportunity to change the settings in the paired lighting fixtures.

If you are not afraid of the prospect that someone will turn off the lamp above your head every five minutes, then what can you say about the fact that in another study, the programmer managed to break into the traffic control system, change direction, create a traffic jam. Not the most brilliant IT specialist managed to infect traffic sensors. Vulnerabilities were detected in firmware updates, which became a green light for launching a worm, and he was able to subordinate all other road sensors.

If, again, everything seems completely innocent to you, then keep in mind that smart cities are developing around you and, according to experts, in a couple of years everything that is powered by a network or batteries will be connected to the Internet. If devices and smart systems are not properly protected, then anyone (governments of other countries, cybercriminals, terrorists) will be able to gain access to them and inflict horrendous damage on local residents.

Last February, hackers managed to break into the hotel’s computer system. Guests could not get into their rooms, as their electronic cards did not work - the hacked software was just programming the keys. What if the worm enters your thermostat? How much, by the way, are you willing to pay to control the temperature in your home again?

Until the vulnerability of smart devices is resolved, large organizations and celebrities will be a target for hackers.

The question would have stood still for a long time, if not we, the developers of the platform. We create a unique product that can streamline the variety of smart devices, endow them with a low price and the ability to withstand hacker attacks. People need the Internet of things, but it must be safe to use!

Smart device spies

While the risks posed by the Internet of things are being neglected, the leak of personal information and tracking the geolocation of the owner will become familiar to us.

Just imagine how much information smart devices can collect about you and your loved ones.

The webcam in your laptop, on the porch of the porch, in the elevator and in the smartphone - the minimum set of tracking for you. Smart TVs can record sound, cars can tell if their owners are at home.

Information about you will vary depending on the type of device and its functionality, but the method of sending and storing it is chosen by the manufacturer. Basically, all your habits and preferences are stored in the cloud. In order to send them to the manufacturer’s server, the information must go through almost half of the world and can be intercepted and sent to some other place along the way. So fraudsters can gain access to data that for some reason developers of smart devices collect, gain access to useful information and make a successful and large-scale attack.

In the same darknet, you can see a whole database of hacked IP cameras, into the lens of which anyone can look. So, unscrupulous citizens do not need to hack into any servers to get to you. Through a special search engine, you can find cameras installed in stores, in parking lots, in bedrooms, garages and in other places where you can be.

That's who would have thought that buying a camera, you give access to your personal life to strangers. As soon as an attacker gets the opportunity to know everything about your movements, to hear your conversations, to have access to correspondence and bank data, he can make a targeted attack or simply sell all the information collected to any interested person.

What is the best way to protect your smart devices?

If manufacturers allowed users to change the credentials of their smart devices, everything would be much simpler.

But how to get users to change credentials? People are used to everything working from the box - they press the power button, the device is connected to the network and it's ready. It would be nice to make mandatory the creation of a unique and strong password at the first start - this would already reduce the number of possible hacking attempts. The default settings are ease of hacking over 10000. Manufacturers can generate unique and random passwords for each device that they would transmit at the time of purchase.

Updates are a headache for all smart device developers. They eliminate vulnerabilities by almost 100%, but at the same time increase costs. Many smart devices do not allow updating software, so if the device is attacked, it just needs to be disconnected from the network and given to the one who made it. And manufacturers often use antediluvian versions of various libraries and OS, which can be cracked almost from Tetris.

Properly protected IoT devices ensure the privacy of owners' personal data and help to avoid many attacks.

Smart device manufacturers could collaborate with security experts, then all smart products would be regularly tested and tested for resistance to infection. But this will happen only when the platform is launched.

The Importance of Cybersecurity

Once upon a time, cheap surveillance cameras and video recorders were put on the blades of a Twitter server. These were old and generally unprotected devices that someone else used out of greed or out of habit. The Internet is huge, and it has many open IP addresses that a server, PC, or some seedy toaster is connected to. People set easily guessable and stupid passwords, without thinking that their device may be of interest to hackers.

An experiment was conducted that involved the creation of an imitation of a smart toaster. A server was purchased on Amazon and disguised as an unprotected smart device with an open port, which cybercriminals love so much when they are looking for ways to access computers.

But in reality, access was not granted - the attackers thought that they were logging on to the server, but the experimenters saw their IP addresses and what they entered in the input line.

The server was turned on and 41 minutes after starting it was already being tried to crack. The next attack occurred after 26 minutes. Then a small lull and a smart toaster was immediately attacked by 300 different IP addresses. Used factory passwords from various smart devices. Moreover, there was not a single real hacker - the toaster was tried to break into bots, which are constantly looking for open ports and try to crack them.

So, keep in mind - cybercriminals can scan the Internet with high speed in order to search for vulnerable servers, and with each new hacked device they act faster.

If you connect an unprotected device to the network, then in a week at most it will not belong to you. If there is open access, then the chance of hacking is equal to 100%. IP space is not as large as you think - the army of bots will scan it in a couple of hours.

You do a lot of stupid things on the Internet if you consider your actions from the point of view of cybersecurity: use the same passwords, hide keys on the computer, leave the server open, and so on. This is a human factor that will be eliminated at the time of the launch of the platform.

The system will work in such a way that when you purchase the device and start it for the first time, everything will already be configured to maximize the protection of your personal data. No one will know your location and preferences - smart devices will not have the authority to transfer information about you to third parties, including manufacturers.

The future of the Internet of things

The number of smart devices is increasing every day. Commonly used items are connected to the network, which is already a wave of the flag to increase the number of attacks.

Now everything that has access to the Internet literally represents a small, but computer with its own OS and with the ability to perform some set of computational operations. The capabilities of such devices are 100% higher than your expectations and are a welcome target for attackers or miners.

The Internet of things is a young technology, over time it will be improved and the platform will contribute to this.

Join the team on social networks if you advocate a safe Internet of things!