Hackers Can Use Holes In The Internet of Things

Uploaded on 2015-12-08 in NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY--Developments, TECHNOLOGY--Hackers, TECHNOLOGY-Key Areas-Internet of Things

It could be a merry holiday season for hackers, with millions of new and potentially vulnerable Internet-connected gadgets hitting the market.

Security experts say the vulnerabilities of Internet of Things devices such as fitness bands like the very successful FitBit, smart-watches, drones and connected appliances could be exploited as consumers adopt these web-enabled products.

Any connected device “can be a pivot point into your network,” said Bruce Snell, cybersecurity and privacy director for Intel Security. Although breaking into a wearable device or drone does not necessarily provide immediate value for a hacker, it can lead to a connection to a smartphone and data, which is stored in the Internet cloud, security experts note. “These could potentially install malware that sniffs out all the passwords on your network and sends them to a remote location,” Snell told AFP.

For easier use, many consumer gadgets use relatively insecure connections and often require minimal use of passwords or other authentication.

Gary Davis, who heads consumer online safety for Intel, said the holidays could be a vulnerable time for consumers and a time for hackers to celebrate.

“With the excitement of getting new devices, consumers often are so eager to begin using them that they do not take time to properly secure them,” he wrote. In some cases, security can be improved by simply changing the password on the device, which may be something as simple as 1234 or 0000, but many people fail to do this.

“When you get that shiny new toy for Christmas, you want to just get it working,” said Alastair Paterson, chief executive at the security firm Digital Shadows.

Exposing documents
Paterson noted that with a blurring of lines between work and leisure time, many people take home sensitive corporate material that can be then stored in a hackable home network. In some cases, Paterson said, “just by connecting it to the home Wi-Fi network, they are exposing documents to the entire Internet.”

The research firm Gartner earlier this month forecast that 6.4 billion connected things will be in use worldwide in 2016, up 30 percent from 2015, and will reach 20.8 billion by 2020.

Juniper Research predicts “smart toy” sales will hit $2.8 billion this year, while noting that, “vendors will likely require third-party software expertise to avoid PR disasters caused by hackers.” Smart home devices such as thermostats can be a gateway for hackers, according to a report this year by researchers at TrapX Labs.

The researchers took apart and then used a Nest thermostat as a point of attack for a home network and were able to track the users' Internet surfing activity and get access to their private credentials.

The report said that even though Nest “is relatively secure,” there is a concern “that the manufacturers of IoT devices at all points in the supply chain do not seem to have the economic incentives to provide initial cybersecurity... the manufacturers involved with IoT are obsessed with cost-cutting and minimal design footprints.”
AsianAge: http://bit.ly/1RBXOdw

« How to Spot a Fake LinkedIn Profile in 60 Seconds.
Digital Entrepreneurship »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Venafi

Venafi

Venafi is a world-class cyber-security company dedicated to protecting machine identities for our hyper-connected digital economy.

Information Security Research Association (ISRA)

Information Security Research Association (ISRA)

ISRA is a non-profit organization focused on various aspects of Information Security including security research and cyber security awareness activities.

Beryllium InfoSec Collaborative

Beryllium InfoSec Collaborative

Beryllium InfoSec Collaborative is an information security and cyber security company with 40-plus years of experience across industry & government.

Cyber Polygon

Cyber Polygon

Cyber Polygon is an annual online exercise which connects various global organisations to train their competencies and exchange best practices.

Mandiant

Mandiant

Mandiant deliver dynamic cyber defense solutions powered by industry-leading expertise, intelligence and innovative technology.

Xscale Accelerator

Xscale Accelerator

Xscale's vision is to create world-class startups out of India by transforming sales and providing access to global markets.

PacketViper

PacketViper

PacketViper’s Deception360 actively defends networks with deception-based threat detection and automated response to both external and internal cyber threats.

BigBear.ai

BigBear.ai

BigBear.ai delivers high-end analytics capabilities across the data and digital spectrum to deliver information superiority and decision support.

Ridge Security

Ridge Security

Ridge Security enables enterprise and web application teams, ISVs, governments, education, DevOps, anyone responsible for ensuring software security to affordably and efficiently test their systems.

Banyax

Banyax

Banyax provides 24×7 real-time Cyber Defense Center Services using the latest technology tools to provide state-of-the-art defense.

Aeries Technology

Aeries Technology

Aeries is a technology services organization offering capabilities in Technology Services, Digital Transformation, and Business Process Management.

Box

Box

Box is the Cloud Content Management company that empowers enterprises to revolutionize how they work by securely connecting their people, information and applications.

Turngate

Turngate

Turngate simplify security investigations so you can see employee activities and entitlements in your enterprise in seconds.

Chorus Cyber

Chorus Cyber

Chorus are a leading Managed Security Service Provider (MSSP), and member of the Microsoft Intelligent Security Association (MISA), with three Microsoft Advanced Specialisations in security.

System Two Security

System Two Security

System Two Security automates detection engineering and threat hunting.

Command Zero

Command Zero

Command Zero is the industry’s first autonomous and AI-assisted cyber investigations platform, built to transform security operations in complex enterprise environments.