2 min read

Too Much Information Is a Risk in IoT Universe

Ionut ILASCU

January 30, 2018

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Too Much Information Is a Risk in IoT Universe

Computer systems can come with various security issues, but not all of them can be exploited to offer direct access to the device; some are just the stepping stone to an attack. When web applications in a smart device can be compelled to spill details about the system, a hacker could profit with an offensive plan.

Hackers typically take advantage of information disclosure vulnerabilities in the reconnaissance stage of an attack. They send requests to the target to learn more about the software it relies on and the environment it works in. At core, these faults are a matter of leaking the info that allow an attacker to look for known and exploitable security bugs.

What may seem like harmless details to some can, in the hands of a hacker, be used to build a plan to breach the target’s defenses or burrow deep into the network. Learning the type and version of the web server or the web framework of the app is enough to start searching for weaknesses. Such information can sometimes be obtained by simply sending a request to the device. In more serious cases, the responses the attackers receive can give them access to account credentials and secret keys, or even source code left unprotected, which may include authentication details.

Run-of-the-mill cybercriminals do not waste time manually analyzing for flaws every device they can reach over the internet. They automate this job and look online for gadgets that respond to particular requests. One recent example is the Reaper botnet that ruled over multiple types of IoT gadgets. It identified devices running firmware vulnerable to remote code execution, then served the exploits to take control of them.

Even if the information is not critical, hackers count on every bit of detail to obtain what they want. As the saying goes, “loose lips sink ships.” Unfortunately, there is nothing you can do directly to eliminate the problem from systems that share too much information or fail to protect data that is not essential for them to function properly. This is a task for the developers of the product.

However, this does not mean you have no option to keep safe the devices susceptible to information disclosure vulnerability attacks until a firmware update eliminates the possibility of attack. The Vulnerability Detection feature in Bitdefender BOX delivers feedback about the gadgets on the network that come with known security issues. Another solution is Bitdefender Home Scanner, which is built specifically for this purpose; it silently identifies the connected products in your home and returns details about their security state.

tags


Author



Right now

Top posts

What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Chinese criminals scam kids desperate to play games for more than three hours a week Chinese criminals scam kids desperate to play games for more than three hours a week
Graham CLULEY

August 12, 2022

2 min read
Sophisticated Smishing Attack on Twilio Leads to Employee Credential Leak and Data Breach Sophisticated Smishing Attack on Twilio Leads to Employee Credential Leak and Data Breach
Silviu STAHIE

August 09, 2022

1 min read
Attackers Hit German Chambers of Industry and Commerce; All Digital Services Down Attackers Hit German Chambers of Industry and Commerce; All Digital Services Down
Silviu STAHIE

August 05, 2022

1 min read