SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
9 Sep 2016

Printers now the least-secure things on the internet

The Internet of Things is exactly as bad a security nightmare as pessimists think it is, according to Bitdefender's Bogdan Botezatu.

The senior threat analyst at the Romanian security software company called by to chat to Vulture South while in Australia (we were, I suspect, meant to discuss the company's 2017 launches, but conversation digressed from the start, and there's plenty of time between now and the end of the year).

Experts have long been following the persistent awfulness of “SOHOpeless” broadband routers, but Botezatu says they've already been overtaken by the awfulness of other things. “We get a lot of telemetry in our vulnerability assessment labs,” he said. “The router is no longer the worst device on the Internet. It's now the printer.”

That's a pretty big claim to make, given that in in less than a month, we've discussed the no-we-won't-fix-it Inteno router from Sweden and the record-setting Chinese surveillance router.

Botezatu himself has been horrified by routers acting as “smart home gateways”: for example last year, he tested one such device, and was pleased at its default security posture, but there was one problem.

“It allowed unauthenticated downgrades to the firmware,” he said. “So it doesn't matter that it looks secure.” But the printers still win out: many, he said (without identifying the guilty party), offer public shares that are visible to the Internet (because lots of home users also leave their routers too close to default configuration).

Creating a power point that's “smart” and exposed to the Internet – like this one – is just stupid, because there'll never be sufficient security that someone's home ventilation machine can't be switched off by an attacker, Botezatu told Vulture South; a coffee-pot is an invitation to disaster, and “a smart electric oven should be just illegal”, he said.

There's a huge expectation gap between how ordinary people think of their whitegoods, and what happens when the Internet of Things invades them. “We expect appliances to have a long lifetime, but vendors won't support them with updates forever,” he said. Once the world gets to the point where there's no “dumb” option for a refrigerator or washing machine, consumers will be in a squeeze.

Either they'll be force-marched into buying a new refrigerator/washer/dryer/microwave because the software is end-of-life; or they'll be stuck with a product that's vulnerable to attackers. “There's always an attack surface”, he said. “The Internet of Things overcomplicates things massively.

“How do you patch things that have no user interface?” 

Certainly not by any kind of vendor push-process – because that means vendors will hold credentials of some kind, and we know that golden keys inevitably leak somehow. There's a (euphemistic) shedload of IoT vulnerabilities already, Botezatu said: “It's scary, it's complicated, and it's potentially lethal.”

In a world where very simple social engineering spam still works to drop ransomware, he said, layering of security is still the best defence – signature detection, followed by heuristics, followed by behavioural analysis. But the last layer, Botezatu fears, always seems to be “luck”: and in a world where a vulnerability could be a vector to burning down a house, that's just not good enough.

Tags:
information leaks Internet of Things
Source:
The Register
2139
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015