The Internet of Things – When Smart Devices Aren’t So Smart
The Internet has changed the world over the past 30 years, and mostly for the better. Increased connectivity, increased convenience, and increased information is all available at our fingertips, 24 hours a day.
So, it is only natural that we would want to bring the Internet into our physical lives and purchase the latest smart appliances and gadgets for our homes and businesses. However, sometimes smart devices aren’t so smart, and can they cause all sorts of security headaches if you’re not prepared for them.
Many smart devices run on the Android or Linux operating systems, but don’t use the latest, most secure versions. This leaves them vulnerable to online attacks in which a vulnerability is exploited to give the attacker full access to the underlying operating system. At this point the attacker has remote access to what is essentially their own computer, inside your network’s firewall. A clever attacker will use this opportunity to secure the device so that other rival hackers don’t end up taking control of it.
A particularly evil hacker might try to turn off your smart air-conditioning or disable your smart locks, but the majority will be content to silently sit on your network, attacking your other devices or computers elsewhere on the Internet. A smart device such as a fridge is particularly good for this as it doesn’t get switched off when everybody goes home for the day, so the hacker has free reign over the network in the meantime.
Many smart devices use standard passwords such as “admin” and “password” to protect their remote interfaces. Many also expose these remote interfaces directly to the Internet. The result of this is the rise of botnets such as Mirai, which scan the Internet testing these common passwords against smart devices and infecting them with code designed to scan for more devices and conduct DDoS attacks on command.
Many users don’t change these default passwords, but even the ones that do might not be safe, as unchangeable hidden passwords have been found in some of these devices.
Even if you change the default passwords on your smart devices and hide them from the Internet using a firewall, they still might betray you or your company. Smart devices have been known to upload WiFi passwords to the manufacturer’s servers, and many will upload data about their usage without the user’s knowledge. They may even exploit nearby open wireless networks to upload this data.
So, consider very carefully whether you want to let smart devices have access to your network and your business. Even if you’re unconcerned with the security vulnerabilities they introduce, a smart device will often stop working when the manufacturer conducts maintenance on the servers, or eventually when the servers are taken down for good.