Over the years, technology has been expanding and digital devices are on the upward trend. The idea of connecting a device to every aspect of the home or office for instance has been appealing to many.
Technology enthusiasts have coined the name Internet of Things (IoT) for these kinds of devices which are connected to the internet allowing them to correspond with each other… An example of this would be telling your device to switch the light on or off.
However, in recent years, the security of IoT devices has been questioned. It’s common knowledge that every technological device has its downside, but the security and privacy of these IoT devices has been increasingly worrying. These devices collect more personal information about people; for example smart meters allows the sharing of data between devices and notifies the device when you’re at home or not.
Some security experts believe that there isn’t enough attention being given to the security and privacy of IoTs when they’re created. This point is proven in multiple situations where cyber-hackers have hacked into smart thermostat systems, smart lock systems, and smart fridge systems, as examples.
To highlight the vulnerabilities in these ‘smart’ systems, researchers from IT security firm Pen Test Partners, Andrew Tierney and Ken Munro, demonstrated a ransomware attack on a smart thermostat at the DefCon security conference in August 2016. The Wi-Fi enabled thermostat is basically a Linux computer. It allows the user to change their settings through an SD card, and the researchers show that this is where cyber-hackers can install a malicious programme onto the device. The malicious programme can then allow the attacker to have full control over the thermostat. Though cyber-hackers may need physical access to the device, it’s a real-threat that hackers can access the thermostat easily.
Just to reinstate the multiple issues with IoT devices, Pen Test Partners demonstrated another smart device that’s vulnerable to hacking; a fridge. In 2014, a Samsung smart fridge (model number RF28HMELBSR), which is controlled by their Smart Home app, was hacked and started sending spam emails. The app is designed to download Gmail Calendar information to an on-screen display. Cyber-hackers who join on the same network can steal Google login information.
Anthony Rose and Ben Ramsey from Merculite Security show that smart locks are just as vulnerable as, or even more-so, than the traditional method of locking with a key. They show that smart locking systems have a long way to go before they can guarantee 100% safety. Mr Rose and Mr Ramsey tested 16 locks from manufacturers including iBluLock, Masterlock, and Quicklock at the DefCon conference; 12 of the 16 failed.
The testing revealed passwords in plain text, which can allow cyber-hackers to access the data if they have a Bluetooth connection. Other smart locking systems such as Lagute and Ceomate were found to be vulnerable to a replay attack. These attacks can allow cyber-hackers to snatch the signal when users’ lock or unlock their doors, to then re-use the method of the locking and/or unlocking method. A replay attack has been around for decades; it’s believed that it was first used to open garage doors. It’s egregious that the issue has been around for so long, but innovators of these IoT devices still choose to push forward with this type of modern technology, seemingly without proper considerations for the security and privacy vulnerabilities that evidently exist.
Vulnerabilities must be addressed
Creators of IoT devices must address their security vulnerabilities before placing it on the market. If they don’t, the consequences of hacking such devices could be devastating.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.