As technology gets more advanced we all think about products that can make our life easier and more secure.
The reality though can prove to be very different, as while the tech can be sophisticated the security often isn’t.
The government estimates that every household in the UK owns at least 10 internet-connected devices. But that figure is expected to rise to 15 by 2020, so increasing the security to prevent further breaches is more essential than ever.
We’ve already told you all about the cyber risk of internet-connected toys but other ‘smart’ products are just as risky.
The latest issue has been found in Smart Cam security cameras, which you’d like to think will keep you safe.
Instead, though tech firm Hanwha Techwin has been forced to fix 13 ‘critical security holes’, which allowed attackers to take control of the camera or even attack the connected network.
Kaspersky Lab researchers discovered the vulnerabilities and revealed that 2,000 of the devices, popular with both consumers and small businesses, have publically accessible IP addresses. But they believe the actual number of vulnerable cameras to be a lot higher.
Four of the 13 bugs related to cloud functions, while the rest were all issues with the actual camera itself.
This latest incident comes after warnings were issues about a range of smart products.
Cyber researchers at the Ben-Gurion University of the Negev (BGU) found that baby monitors, home security cameras, doorbells, and thermostats were all easily hacked.
Dr. Yossi Oren, a senior lecturer in BGU’s Department of Software and Information Systems Engineering and head of the Implementation Security and Side-Channel Attacks Lab at Cyber@BGU.
“Using these devices in our lab, we were able to play loud music through a baby monitor, turn off a thermostat and turn on a camera remotely, much to the concern of our researchers who themselves use these products. It only took 30 minutes to find passwords for most of the devices and some of them were found only through a Google search of the brand,” added Omer Shwartz, a Ph.D. student and member of Dr. Oren’s lab. “Once hackers can access an IoT device, like a camera, they can create an entire network of these camera models controlled remotely.“
Perhaps more worrying was the fact they were able to logon to Wi-Fi networks simply by retrieving the password stored in a device to gain network access.
In the past hackers have even used internet-connected devices to take sites, including Twitter, Reddit and Spotify offline.
The good news though is that the government has finally announced new guidelines to make all internet connected devices safer.
They include making passwords unique and not resettable to factory default and making sure sensitive data, which is transmitted via apps is always encrypted.
The government’s Security by Design review also suggested:
Device manufacturers have a point of contact so that security researchers can report issues immediately
Software should be updated automatically with clear guidance for customers
It should be easy for consumers to delete personal data
Installation and maintenance should be easy for consumers
Margot James, minister for digital and the creative industries, said: “We want everyone to benefit from the huge potential of internet-connected devices, and it is important they are safe and have a positive impact on people’s lives.
“We have worked alongside industry to develop a tough new set of rules so strong security measures are built into everyday technology from the moment it is developed.”
To help you stay safe BGU researchers offer a number of tips.
Buy IoT devices only from reputable manufacturers and vendors.
Avoid used IoT devices. They could already have malware installed.
Research each device online to determine if it has a default password and if so change before installing.
Use strong passwords with a minimum of 16 letters. These are hard to crack.
Multiple devices shouldn’t share the same passwords.
Update software regularly which you will only get from reputable manufacturers.
Carefully consider the benefits and risks of connecting a device to the internet.