Reading:
IoT (Internet of Things) devices still vulnerable to cyber-attacks
Share:
cybersecurity month

Data Leak Lawyers - Begin Your Data Breach Claim Today!

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

IoT (Internet of Things) devices still vulnerable to cyber-attacks

Over the years, technology has been expanding and digital devices are on the upward trend. The idea of connecting a device to every aspect of the home or office for instance has been appealing to many.

Technology enthusiasts have coined the name Internet of Things (IoT) for these kinds of devices which are connected to the internet allowing them to correspond with each other… An example of this would be telling your device to switch the light on or off.

Security vulnerabilities

However, in recent years, the security of IoT devices has been questioned. It’s common knowledge that every technological device has its downside, but the security and privacy of these IoT devices has been increasingly worrying. These devices collect more personal information about people; for example smart meters allows the sharing of data between devices and notifies the device when you’re at home or not.

Some security experts believe that there isn’t enough attention being given to the security and privacy of IoTs when they’re created. This point is proven in multiple situations where cyber-hackers have hacked into smart thermostat systems, smart lock systems, and smart fridge systems, as examples.

Smart thermostats

To highlight the vulnerabilities in these ‘smart’ systems, researchers from IT security firm Pen Test Partners, Andrew Tierney and Ken Munro, demonstrated a ransomware attack on a smart thermostat at the DefCon security conference in August 2016. The Wi-Fi enabled thermostat is basically a Linux computer. It allows the user to change their settings through an SD card, and the researchers show that this is where cyber-hackers can install a malicious programme onto the device. The malicious programme can then allow the attacker to have full control over the thermostat. Though cyber-hackers may need physical access to the device, it’s a real-threat that hackers can access the thermostat easily.

Smart fridges

Just to reinstate the multiple issues with IoT devices, Pen Test Partners demonstrated another smart device that’s vulnerable to hacking; a fridge. In 2014, a Samsung smart fridge (model number RF28HMELBSR), which is controlled by their Smart Home app, was hacked and started sending spam emails. The app is designed to download Gmail Calendar information to an on-screen display. Cyber-hackers who join on the same network can steal Google login information.

Smart locks

Anthony Rose and Ben Ramsey from Merculite Security show that smart locks are just as vulnerable as, or even more-so, than the traditional method of locking with a key. They show that smart locking systems have a long way to go before they can guarantee 100% safety. Mr Rose and Mr Ramsey tested 16 locks from manufacturers including iBluLock, Masterlock, and Quicklock at the DefCon conference; 12 of the 16 failed.

The testing revealed passwords in plain text, which can allow cyber-hackers to access the data if they have a Bluetooth connection. Other smart locking systems such as Lagute and Ceomate were found to be vulnerable to a replay attack. These attacks can allow cyber-hackers to snatch the signal when users’ lock or unlock their doors, to then re-use the method of the locking and/or unlocking method. A replay attack has been around for decades; it’s believed that it was first used to open garage doors. It’s egregious that the issue has been around for so long, but innovators of these IoT devices still choose to push forward with this type of modern technology, seemingly without proper considerations for the security and privacy vulnerabilities that evidently exist.

Vulnerabilities must be addressed

Creators of IoT devices must address their security vulnerabilities before placing it on the market. If they don’t, the consequences of hacking such devices could be devastating.

Sources:

https://www.theguardian.com/technology/2015/may/06/what-is-the-internet-of-things-google

https://thenextweb.com/gadgets/2016/08/08/thermostats-can-now-get-infected-with-ransomware-because-2016/#.tnw_fcTNOSAX

http://www.theregister.co.uk/2015/08/24/smart_fridge_security_fubar/

https://thenextweb.com/insider/2016/08/09/buying-a-smart-lock-might-be-a-dumb-investment/#.tnw_pTYYWjwx

https://www.theguardian.com/technology/2015/may/06/what-is-the-internet-of-things-google

https://thenextweb.com/gadgets/2016/07/27/this-is-why-im-still-wary-of-the-internet-of-things/#.tnw_79OX1P3h

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy
SRA
Contact
www.dataleaklawyers.co.uk is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon