Hackers Can Use Holes In The Internet of Things

Uploaded on 2015-12-08 in NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY--Developments, TECHNOLOGY--Hackers, TECHNOLOGY-Key Areas-Internet of Things

It could be a merry holiday season for hackers, with millions of new and potentially vulnerable Internet-connected gadgets hitting the market.

Security experts say the vulnerabilities of Internet of Things devices such as fitness bands like the very successful FitBit, smart-watches, drones and connected appliances could be exploited as consumers adopt these web-enabled products.

Any connected device “can be a pivot point into your network,” said Bruce Snell, cybersecurity and privacy director for Intel Security. Although breaking into a wearable device or drone does not necessarily provide immediate value for a hacker, it can lead to a connection to a smartphone and data, which is stored in the Internet cloud, security experts note. “These could potentially install malware that sniffs out all the passwords on your network and sends them to a remote location,” Snell told AFP.

For easier use, many consumer gadgets use relatively insecure connections and often require minimal use of passwords or other authentication.

Gary Davis, who heads consumer online safety for Intel, said the holidays could be a vulnerable time for consumers and a time for hackers to celebrate.

“With the excitement of getting new devices, consumers often are so eager to begin using them that they do not take time to properly secure them,” he wrote. In some cases, security can be improved by simply changing the password on the device, which may be something as simple as 1234 or 0000, but many people fail to do this.

“When you get that shiny new toy for Christmas, you want to just get it working,” said Alastair Paterson, chief executive at the security firm Digital Shadows.

Exposing documents
Paterson noted that with a blurring of lines between work and leisure time, many people take home sensitive corporate material that can be then stored in a hackable home network. In some cases, Paterson said, “just by connecting it to the home Wi-Fi network, they are exposing documents to the entire Internet.”

The research firm Gartner earlier this month forecast that 6.4 billion connected things will be in use worldwide in 2016, up 30 percent from 2015, and will reach 20.8 billion by 2020.

Juniper Research predicts “smart toy” sales will hit $2.8 billion this year, while noting that, “vendors will likely require third-party software expertise to avoid PR disasters caused by hackers.” Smart home devices such as thermostats can be a gateway for hackers, according to a report this year by researchers at TrapX Labs.

The researchers took apart and then used a Nest thermostat as a point of attack for a home network and were able to track the users' Internet surfing activity and get access to their private credentials.

The report said that even though Nest “is relatively secure,” there is a concern “that the manufacturers of IoT devices at all points in the supply chain do not seem to have the economic incentives to provide initial cybersecurity... the manufacturers involved with IoT are obsessed with cost-cutting and minimal design footprints.”
AsianAge: http://bit.ly/1RBXOdw

« How to Spot a Fake LinkedIn Profile in 60 Seconds.
Digital Entrepreneurship »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

E-Tech

E-Tech

E-Tech has been providing system support and information technology consulting services including Internet and Network Security assessments.

ZDL Group

ZDL Group

At ZDL (formerly ZeroDayLab) we take a comprehensive view of our clients cyber security risks and provide quality services to address those risk

Security Mentor

Security Mentor

Security Mentor provides innovative, online security awareness training designed for how people learn and work.

SecuLution

SecuLution

SecuLution is an Antivirus product using Application Whitelisting which offers much more protection than Virus Scanners ever can.

Blueskytec (BST)

Blueskytec (BST)

Blueskytec has applied its experience of over three decades of working in the field of embedded systems and encryption to provide a scalable and appropriate technology for cyber-physical devices.

Randstad

Randstad

Randstad provide outsourcing, staffing, consulting and workforce solutions in the USA across a wide range of job sectors including IT and cybersecurity.

Cord3

Cord3

Cord3 delivers data protection, even from trusted administrators – or hackers posing as administrators – with high privilege.

Stealth Software Technologies

Stealth Software Technologies

Stealth Software Technologies is focused on the generation of research and software products focused on applied cryptography and cybersecurity.

M2MD Technologies

M2MD Technologies

M2MD Technologies offers solutions optimized for cellular IoT that provide stronger security, reduced costs, enhanced user experience, and ultimately generates higher returns for stakeholders.

Scarlett Cybersecurity

Scarlett Cybersecurity

Scarlett Cybersecurity provide cybersecurity services to US private and public organizations with specific emphasis on compliance and cybersecurity incident prevention, detection, and response.

Skyhawk Security

Skyhawk Security

Skyhawk Security is the originator of Cloud threat Detection and Response (CDR), helping hundreds of users map and remediate sophisticated threats to cloud infrastructure in minutes.

XpertDPO

XpertDPO

XpertDPO provides data security, governance, risk and compliance, GDPR and ISO consultancy to public and private sector organisations.

Association of Azerbaijani Cyber Security Organizations (AKTA)

Association of Azerbaijani Cyber Security Organizations (AKTA)

The Association of Azerbaijani Cyber Security Organizations (AKTA) is a non-commercial organization aimed at strengthening the country's cybersecurity system.

VAST Data

VAST Data

The VAST Data Platform delivers scalable performance, radically simple data management and enhanced productivity for the AI-powered world.

Anjolen

Anjolen

Anjolen provides expertise in cybersecurity, compliance and cyber forensic services.

St Fox

St Fox

St. Fox is a leading consultancy helping enterprises secure their Cloud, Data, endpoints, and applications.