The Dark Side of Internet of Things Home Devices
Imagine you just bought a million-dollar mansion – the home you’ve always dreamed of. Everything is brand new, but one day you go to the attic and find a crack in one of the wooden windows. Unpatched, the small crevice widens as time passes, inviting rodents and other pests into your home.
Captivated by the new acquisition, you overlook this seemingly minor disadvantage. Just like with IoT gadgets. Most early-adopters fall in love with the sharp design and the promise of a hassle-free life and overlook the impact new devices may have on their privacy and security.
Users fail to notice vulnerabilities.
And they’re not to blame.
Our increasingly tech-wired homes demand a lot of attention, but also a specific set of skills not everyone is eager to learn. As ordinary people accumulate smart gadgets, they have to manage them like professional IT administrators – taking care of multiple users while fixing hardware and software issues on the go. Privacy-minded home residents should assess how many devices occupy their household, how they operate, their security stance, who uses them, if the manufacturer updates software regularly and, crucially, if and how often they get attacked. Not an easy task.
Vulnerabilities come to light
Another setback is that most users don’t realize the importance of fixing software vulnerabilities quickly – in the realm of the Internet of Things, vulnerabilities range from weak passwords to authentication problems, buggy firmware and the lack of updates. Users also down play the magnitude of possible privacy risks. After all, what risk can an innocent light bulb pose?
Connected lighting can open the door to your intelligent home, literally. For instance, a bulb acting as a Wi-Fi repeater can be become a gateway to your home network.
The embedded Wi-Fi repeater functionality means the device routes encrypted and more importantly, unencrypted traffic passing through your network. The worrisome part is that it comes embedded with a weakly secured Telnet service that allows users to access the device remotely. Telnet is an old and simple-to-use network protocol that allows a user on one device to log into another device in the same network. So, if an attacker tries basic brute-forcing, odds are he will guess the service’s default passwords. Via Telnet he can send malicious commands to the device (to shut it down or make it crash) and find where the home network’s Wi-Fi credentials are stored.
A connected device can also be manipulated to trust another malicious device and connect to it. More specifically, an attacker can replicate the access point created while setting up the device and fool the Android application looking to establish a connection. The fake hotspot will be listed on top of the authentic one and, if the app connects to it, attackers can obtain the username and password of the victim’s Wi-Fi network.
Once inside the network, intruders can see all the traffic sent in clear, including passwords, financial data, pictures and other sensitive information. It’s not easy, but it can be done. And the privacy risks are significant.
So, make sure the lock on your home network is as secure as the one on your front door.
Bitdefender BOX will help you keep your piece of mind and your digital property intact by sanitizing all the data passing through the home network from malware, phishing attempts and rogue users.
Additionally, through its new and unique Vulnerability Assessment feature, Bitdefender BOX performs a vulnerability analysis of all the connected devices and will inform you about identified software flaws that may lead to remote, unauthorized access, data theft or malicious attacks.
This ensures that all your devices are unhackable. Read the Bitdefender BOX review for more details on how this powerful home cyber-security device works.
Enhance your cyber resilience and privacy on Computer Security Day in four easy steps
November 29, 2022
How to monitor your online privacy during your Thanksgiving trip
November 22, 2022
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info
November 16, 2022
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be
November 14, 2022
Cyber Tips for a Spook-Free Halloween
October 26, 2022
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War
August 31, 2022