Industry News Smart Home

The Dark Side of Internet of Things Home Devices

Imagine you just bought a million-dollar mansion – the home you’ve always dreamed of. Everything is brand new, but one day you go to the attic and find a crack in one of the wooden windows. Unpatched, the small crevice widens as time passes, inviting rodents and other pests into your home.

Captivated by the new acquisition, you overlook this seemingly minor disadvantage. Just like with IoT gadgets. Most early-adopters fall in love with the sharp design and the promise of a hassle-free life and overlook the impact new devices may have on their privacy and security.

Users fail to notice vulnerabilities.

And they’re not to blame.

Our increasingly tech-wired homes demand a lot of attention, but also a specific set of skills not everyone is eager to learn. As ordinary people accumulate smart gadgets, they have to manage them like professional IT administrators – taking care of multiple users while fixing hardware and software issues on the go. Privacy-minded home residents should assess how many devices occupy their household, how they operate, their security stance, who uses them, if the manufacturer updates software regularly and, crucially, if and how often they get attacked. Not an easy task.

Vulnerabilities come to light

Another setback is that most users don’t realize the importance of fixing software vulnerabilities quickly – in the realm of the Internet of Things, vulnerabilities range from weak passwords to authentication problems, buggy firmware and the lack of updates. Users also down play the magnitude of possible privacy risks. After all, what risk can an innocent light bulb pose?

Connected lighting can open the door to your intelligent home, literally. For instance, a bulb acting as a Wi-Fi repeater can be become a gateway to your home network.

The embedded Wi-Fi repeater functionality means the device routes encrypted and more importantly, unencrypted traffic passing through your network. The worrisome part is that it comes embedded with a weakly secured Telnet service that allows users to access the device remotely. Telnet is an old and simple-to-use network protocol that allows a user on one device to log into another device in the same network. So, if an attacker tries basic brute-forcing, odds are he will guess the service’s default passwords. Via Telnet he can send malicious commands to the device (to shut it down or make it crash) and find where the home network’s Wi-Fi credentials are stored.

A connected device can also be manipulated to trust another malicious device and connect to it. More specifically, an attacker can replicate the access point created while setting up the device and fool the Android application looking to establish a connection. The fake hotspot will be listed on top of the authentic one and, if the app connects to it, attackers can obtain the username and password of the victim’s Wi-Fi network.

Once inside the network, intruders can see all the traffic sent in clear, including passwords, financial data, pictures and other sensitive information. It’s not easy, but it can be done. And the privacy risks are significant.

So, make sure the lock on your home network is as secure as the one on your front door.

Bitdefender BOX will help you keep your piece of mind and your digital property intact by sanitizing all the data passing through the home network from malware, phishing attempts and rogue users.

Additionally, through its new and unique Vulnerability Assessment feature, Bitdefender BOX performs a vulnerability analysis of all the connected devices and will inform you about identified software flaws that may lead to remote, unauthorized access, data theft or malicious attacks.

This ensures that all your devices are unhackable. Read the Bitdefender BOX review for more details on how this powerful home cyber-security device works.

About the author

Alexandra GHEORGHE

Alexandra started writing about IT at the dawn of the decade - when an iPad was an eye-injury patch, we were minus Google+ and we all had Jobs. She has since wielded her background in PR and marketing communications to translate binary code to colorful stories that have been known to wear out readers' mouse scrolls. Alexandra is also a social media enthusiast who 'likes' only what she likes and LOLs only when she laughs out loud.

1 Comment

Click here to post a comment