Hackers Can Use Holes In The Internet of Things

Uploaded on 2015-12-08 in NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY--Developments, TECHNOLOGY--Hackers, TECHNOLOGY-Key Areas-Internet of Things

It could be a merry holiday season for hackers, with millions of new and potentially vulnerable Internet-connected gadgets hitting the market.

Security experts say the vulnerabilities of Internet of Things devices such as fitness bands like the very successful FitBit, smart-watches, drones and connected appliances could be exploited as consumers adopt these web-enabled products.

Any connected device “can be a pivot point into your network,” said Bruce Snell, cybersecurity and privacy director for Intel Security. Although breaking into a wearable device or drone does not necessarily provide immediate value for a hacker, it can lead to a connection to a smartphone and data, which is stored in the Internet cloud, security experts note. “These could potentially install malware that sniffs out all the passwords on your network and sends them to a remote location,” Snell told AFP.

For easier use, many consumer gadgets use relatively insecure connections and often require minimal use of passwords or other authentication.

Gary Davis, who heads consumer online safety for Intel, said the holidays could be a vulnerable time for consumers and a time for hackers to celebrate.

“With the excitement of getting new devices, consumers often are so eager to begin using them that they do not take time to properly secure them,” he wrote. In some cases, security can be improved by simply changing the password on the device, which may be something as simple as 1234 or 0000, but many people fail to do this.

“When you get that shiny new toy for Christmas, you want to just get it working,” said Alastair Paterson, chief executive at the security firm Digital Shadows.

Exposing documents
Paterson noted that with a blurring of lines between work and leisure time, many people take home sensitive corporate material that can be then stored in a hackable home network. In some cases, Paterson said, “just by connecting it to the home Wi-Fi network, they are exposing documents to the entire Internet.”

The research firm Gartner earlier this month forecast that 6.4 billion connected things will be in use worldwide in 2016, up 30 percent from 2015, and will reach 20.8 billion by 2020.

Juniper Research predicts “smart toy” sales will hit $2.8 billion this year, while noting that, “vendors will likely require third-party software expertise to avoid PR disasters caused by hackers.” Smart home devices such as thermostats can be a gateway for hackers, according to a report this year by researchers at TrapX Labs.

The researchers took apart and then used a Nest thermostat as a point of attack for a home network and were able to track the users' Internet surfing activity and get access to their private credentials.

The report said that even though Nest “is relatively secure,” there is a concern “that the manufacturers of IoT devices at all points in the supply chain do not seem to have the economic incentives to provide initial cybersecurity... the manufacturers involved with IoT are obsessed with cost-cutting and minimal design footprints.”
AsianAge: http://bit.ly/1RBXOdw

« How to Spot a Fake LinkedIn Profile in 60 Seconds.
Digital Entrepreneurship »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

SealPath

SealPath

SealPath enables companies to protect and control their documents wherever they are: In their PC, in their corporate network, on a partner’s network, in the cloud.

Octopus Cybercrime Community

Octopus Cybercrime Community

The Octopus Community is a platform for information sharing and cooperation on cybercrime and electronic evidence.

Cyber Risk & Insurance Forum (CRIF)

Cyber Risk & Insurance Forum (CRIF)

CRIF helps organisations understand cyber risks and the damage that might occur by supporting the development of effective insurance solutions.

Privitar

Privitar

Privitar is leading the development and adoption of privacy engineering technology enabling our customers to innovate and leverage data with an uncompromising approach to data privacy.

FoxGuard Solutions

FoxGuard Solutions

FoxGuard Solutions develops customized cyber security, compliance and industrial computing solutions for critical infrastructure entities and control system vendors.

Olfeo

Olfeo

Olfeo is a content filtering software vendor. Our proxy and filtering solution helps our customers to manage, monitor and secure their Internet traffic.

Cryptsoft

Cryptsoft

Cryptsoft provides key management and security software development toolkits based around open standards such as OASIS KMIP and PKCS#11.

Council for Information & Communication Technologies (CTIC)

Council for Information & Communication Technologies (CTIC)

CTIC was set up to address specific issues in the field of ICT relevant to the implementation of electronic government.

CryptoSec.info

CryptoSec.info

CryptoSec.info is a web resource focused on educating the beginners in the cryptocurrency space on how to properly secure their online assets from hackers and scammers.

jobsDB.com

jobsDB.com

jobsDB Singapore is a search engine for jobs throughout Singapore.

PAX Momentum

PAX Momentum

PAX Momentum is the Mid-Atlantic’s premier startup accelerator, specializing in cyber, enterprise software, telecom, CleanTech, FinTech, InsureTech, and AI.

Rede Nacional CSIRT

Rede Nacional CSIRT

Rede Nacional CSIRT is a national network of CSIRTs in Portugal aimed at cooperation and mutual assistance in the handling of incidents and in the sharing of good security practices.

ABCsolutions

ABCsolutions

ABCsolutions is dedicated to assisting businesses and professionals achieve compliance with federal anti-money laundering regulations in an intelligent and pragmatic way.

Solvere One

Solvere One

Solvere One is a managed service provider (MSP) focused on corporate consulting and partnership.

Arctic Group

Arctic Group

Arctic Group is a Swedish service provider focusing on cybersecurity, integration services and deployment of software development tools.

Cyber Octet

Cyber Octet

Cyber Octet is an IT Solution, Security, Training and Services company. We provide training and services from Web Application Security to ISO 27001 implementation.