SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
6 Nov 2015

How connected objects help to make lives more insecure

A year ago our colleague David Jacoby, a researcher at GReAT, successfully attempted to hack his own home and discovered a lot of curious things.

David’s experiment inspired many employees around the world. Many employees decided to carry out the same research on their own homes.

To probe smart things for bugs, we chose several popular Internet of Things devices (IoT), such as Google Chromecast (a USB dongle for video streaming), an IP camera and a smart coffee machine and a home security system – all of which could be controlled by a smartphone or mobile app. The models and devices were chosen at random and was quite vendor agnostic. Our experiment proved that ALL of these objects were hackable or could be easily compromised and used to do a hacker’s bidding. We have reported the vulnerabilities to respective vendors. By now, some of the products were patched. Others remained vulnerable.

Chromecast

The creators of Google Chromecast missed a bug, which could allow a hypothetical hacker to broadcast his own TV ‘programs’ – this could be anything from advertisements to scary movies or weird pictures. like countless hours of advertising, or video packed with coarse language. Once the attacker understands how to get into your device, they can continue to manipulate a user’s experience. This can continue for as long as they want, or until the user buys a new dongle or switches back to cable.

If the hacker were armed with a directional antenna, he could interrupt your favorite program at an inopportune time without having to be close by – making them hard to catch. This vulnerability in Chromecast has been there for ages and still remains unpatched.

IP Camera

The IP camera that we decided to test was actually a baby monitor managed via smartphone. By the way, such devices have been hacked as early as 2013 and continue to be exploited. The model we chose for our experiment was produced in 2015, yet we managed to find a couple of bugs.

By tampering with a default baby monitor app, hackers could gain access to email addresses of all of the company’s clients. Since the majority of the camera owners are parents, such a comprehensive database would be a real treat for phishers launching a targeted campaign.

A couple of other flaws allowed our researchers to gain full control over the camera: this allows for someone to see and hear everything happening in a room, play an arbitrary audio file on the device or get root access and modify the camera’s software, meaning to become the sole ruler of this small ‘smart’ thing. We reported the vulnerabilities to the vendor and helped to work on respective patches.

Cup of Joe

Well, the means of messing with our lives and comfort through Chromecast dongles and baby monitors are relatively straightforward. But what’s wrong with the coffee machine? It happens so that this kitchen device might be a great means of spying on you, letting you home Wi-Fi password slip.

Surprisingly, the problem happened to be very challenging to fix, so the vendor still hasn’t managed to patch the bug. The situation is not that grave, though: the temporary window of opportunity for a hacker lasts mere minutes. However, the problem remains even if you change the Wi-Fi password – the coffee machine will gladly give away the password over and over again.

Home Security

The smart home security system also lost this fight. Curiously our expertise did not help here – in fact, it was knowledge of basic physics that made it happen. The system employs special sensors to monitor the magnetic field, which is generated by the built-in magnet in the lock. Once a burglar opens a window or a door, this magnetic field is disturbed and the sensor sends the alert all along the chain.

But one can use a simple magnet to preserve the magnetic field even if the door or the window are open, and thus break into the house. This is a problem that is widely acknowledged, since similar sensors are used in many popular security systems. Moreover, a patch would not help to battle the issue – the very approach should change fundamentally. Speaking of software, this system was absolutely capable of resisting cyberattacks or burglars who did bad in their physics class in a high school.

To minimize the risks and make your home more secure, please follow our recommendations:

— When choosing which aspect of your life you are looking to make ‘smart.’ think along the ‘security first’ line. Do you have a lot of valuables at home? Then make the home security system redundant, complementing a fancy smartphone-managed anti-burglar system with a traditional wired alarm. Are you going to use a device, which would get access to your family’s private life (like baby monitors)? Just think of simple models, which transmit sound over radio frequencies and not via an IP network.

— If the above approach does not suit you, pick smart devices accurately. Before going to the store, conduct an online research on the device you are looking for paying particular attention to relevant news about bugs and patches.

— Don’t buy the latest model. Usually, a brand new gadget comes with bugs yet to be discovered by researchers. Try to choose a device with a proven reputation.

Tags:
Internet of Things information leaks Wi-Fi
Source:
Kaspersky Daily
2247
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015