Research from consumer security firm BullGuard has shown that, with an ever-increasing amount of connected devices in our everyday lives from fitness trackers, smart TVs and even children's toys, millions of people are seriously at risk of being hacked.
Commenting on this, Ben Hertzberg, Research Group Manager at Imperva, said: “The main threat with the Internet of Things (IoT) is that there are billions of internet connected devices where basic security standards are not enforced. Devices are shipped with default credentials (sometimes without the ability to change them), vulnerabilities in their web interfaces and remote update procedures. With Gartner estimating that over 20 billion of these devices will be in use by 2020, the problem may grow from a nuisance to a catastrophe. The danger is not only their use as a weapon for Denial of Service attacks (DoS), but also other risks like using the devices as a platform to infiltrate networks and using the devices to remotely view sensitive material.
The surge of IoT systems is accompanied with a surge of breaches. As in previous IoT hacks, like the teddy bear hack and some of the recent vehicle hacks, the tendency is to focus on the end device, the potential of someone taking control and the nature of the data that was poorly protected, bringing the cyber threats to the most intimate places of our lives. In many cases, it is not the device itself that was exploited, but the server through which the device was connecting to the internet or mobile application along with the interaction between them. The security community well understands that a web server open to the internet presents a target for any hacker located anywhere on the planet, and without proper security controls in place, getting hacked is only a question of time. However, it seems that for IoT servers, which share essentially the same risks, it will take some time and some more creepy hacks, for the security surrounding the IoT servers to reach this maturity.
We’re seeing those devices being used in other malicious activities like probing websites for vulnerabilities and attempting to take over accounts. In conclusion – every company that’s selling devices that connect to the internet must know that in that moment they become a target, and will probably not have a lot of grace time before they start getting attacked.”
Chris Clark, Principal Security Engineer at Synopsys, added: “Who doesn’t want a £5.99 plushy that can speak to you? But therein lies the challenge. Consumers need to be more aware of the types of technologies brought into the home and how they could be used. Consumers can also look to organisations, such as UL, that provide some level of assurance that the products purchased and certified by UL are more robust than low cost throw away consumer devices. As consumers start to require more secure products from manufacturers, they will be forced to follow the most basic of cyber hygiene development practices which would reduce the potential threat considerably."
The BullGuard research of 2,000 UK adults who own smart devices also revealed that one in three people are not aware of the possible security risks faced by their gadgets - which include people hacking into baby monitors, door locks and even fridges. Paul Lipman, CEO at BullGuard, said: “Many smart connected devices have little or no security protection. We’ve already seen how one attack that used thousands of hacked smart devices took down leading internet services in the US including Netflix and Twitter. Hacks on the smart home could have much more damaging consequences.”
A third of British people don’t think smart device manufacturers do enough to educate consumers about the implications of not securing internet connected devices. And over a fifth of people said they are reluctant to buy additional smart devices because they have doubts over how secure they are. While six in ten respondents would be encouraged to buy additional smart devices if manufacturers did more to put consumer’s minds at ease regarding the security risks. Almost half were not aware manufacturers of smart home devices release software updates that could improve the security - and 35% do not know how to apply the updates.
Thirty-seven percent of the survey respondents admitted they don’t know how to protect their smart devices from being hacked and over a third do not regularly change the password on their routers. Eight in ten said they are worried cyber criminals could hack into their smart tech – with 91% concerned hackers could monitor their every move. While three in five people are worried hackers could watch or listen to their children through web cams or baby monitors.