Hackers Can Use Holes In The Internet of Things

Uploaded on 2015-12-08 in NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY--Developments, TECHNOLOGY--Hackers, TECHNOLOGY-Key Areas-Internet of Things

It could be a merry holiday season for hackers, with millions of new and potentially vulnerable Internet-connected gadgets hitting the market.

Security experts say the vulnerabilities of Internet of Things devices such as fitness bands like the very successful FitBit, smart-watches, drones and connected appliances could be exploited as consumers adopt these web-enabled products.

Any connected device “can be a pivot point into your network,” said Bruce Snell, cybersecurity and privacy director for Intel Security. Although breaking into a wearable device or drone does not necessarily provide immediate value for a hacker, it can lead to a connection to a smartphone and data, which is stored in the Internet cloud, security experts note. “These could potentially install malware that sniffs out all the passwords on your network and sends them to a remote location,” Snell told AFP.

For easier use, many consumer gadgets use relatively insecure connections and often require minimal use of passwords or other authentication.

Gary Davis, who heads consumer online safety for Intel, said the holidays could be a vulnerable time for consumers and a time for hackers to celebrate.

“With the excitement of getting new devices, consumers often are so eager to begin using them that they do not take time to properly secure them,” he wrote. In some cases, security can be improved by simply changing the password on the device, which may be something as simple as 1234 or 0000, but many people fail to do this.

“When you get that shiny new toy for Christmas, you want to just get it working,” said Alastair Paterson, chief executive at the security firm Digital Shadows.

Exposing documents
Paterson noted that with a blurring of lines between work and leisure time, many people take home sensitive corporate material that can be then stored in a hackable home network. In some cases, Paterson said, “just by connecting it to the home Wi-Fi network, they are exposing documents to the entire Internet.”

The research firm Gartner earlier this month forecast that 6.4 billion connected things will be in use worldwide in 2016, up 30 percent from 2015, and will reach 20.8 billion by 2020.

Juniper Research predicts “smart toy” sales will hit $2.8 billion this year, while noting that, “vendors will likely require third-party software expertise to avoid PR disasters caused by hackers.” Smart home devices such as thermostats can be a gateway for hackers, according to a report this year by researchers at TrapX Labs.

The researchers took apart and then used a Nest thermostat as a point of attack for a home network and were able to track the users' Internet surfing activity and get access to their private credentials.

The report said that even though Nest “is relatively secure,” there is a concern “that the manufacturers of IoT devices at all points in the supply chain do not seem to have the economic incentives to provide initial cybersecurity... the manufacturers involved with IoT are obsessed with cost-cutting and minimal design footprints.”
AsianAge: http://bit.ly/1RBXOdw

« How to Spot a Fake LinkedIn Profile in 60 Seconds.
Digital Entrepreneurship »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

DLA Piper

DLA Piper

DLA Piper is a global law firm with offices throughout the Americas, Asia Pacific, Europe and the Middle East. Practice areas include Cybersecurity.

National Cyber Security Centre (NCSC) - Netherlands

National Cyber Security Centre (NCSC) - Netherlands

NCSC Netherlands coordinates enhancing the cyber resilience of the Netherlands in the digital domain.

SynerComm

SynerComm

SynerComm is an IT solution provider specializing in network and security infrastructure, enterprise mobility, remote access, wireless solutions, audit, pentesting and information assurance.

exceet Secure Solutions

exceet Secure Solutions

exceet Secure Solutions is your experienced specialist for Internet of Things (IoT), Heath Telematics, electronic signatures and timestamps and IT security.

CTERA Networks

CTERA Networks

CTERA provides cloud storage solutions that enable service providers and enterprises to launch managed storage, backup, file sharing and mobile collaboration services using a single platform.

AKATI Sekurity

AKATI Sekurity

AKATI Sekurity is a security-focused consulting firm providing services specializing in Information Security and Information Forensics.

Aptible

Aptible

Security Management and Compliance for Developers. Aptible helps teams pass information security audits and deploy audit-ready apps and databases.

ProSearch Partners

ProSearch Partners

ProSearch Partners are national talent acquisition specialists exclusively focussing on Technology and Digital talent including Cybersecurity, Data Analytics and Execs.

MSPAlliance

MSPAlliance

MSPAlliance is the world’s largest industry association and certification body for cloud computing and managed service professionals.

Secuvant

Secuvant

Secuvant is an independent IT Security firm providing enterprise-grade IT security services to mid-market organizations.

Quantum Security Solutions (QSec)

Quantum Security Solutions (QSec)

QSec is an innovative information security consultancy based in Ghana. We can provide your organisation with information security products and services that assure against information risk.

Cybolt

Cybolt

Cybolt helps companies, organizations, and governments manage digital risks and live in an environment of confidence and certainty.

ATSG

ATSG

ATSG is a global leader in transformational technology solutions for today’s digital enterprise. Cybersecurity ranging from Advisory & Assessment to Fully Managed Detection and Response Services.

CV-Library

CV-Library

Start your job search with 216,931 live UK vacancies on award-winning CV-Library. Register your CV and find local jobs near you today!

NASK

NASK

NASK is a National Research Institute under the supervision of the Chancellery of the Prime Minister of Poland. Our key activities involve ensuring security online.

TrustCloud

TrustCloud

TrustCloud is a global company specializing in the orchestration and custody of secure digital transactions including identification, signature, payments, and electronic custody.