An emerging development which is a growing risk to security is the ‘internet of things’ (IoT). This refers to appliances which are connected to the internet and can therefore be hacked just as a computer can be. While their functionality might be limited, there have been reports of fridges being used to send spam email and at a security demonstration one researcher managed to install a computer game on a photocopier. Around 70% of devices are estimated to be vulnerable to attack. The latest case to hit the headlines involved someone managing to hack a baby monitor and speak to the nanny. There has also been advice from Samsung not to voice personal information in the presence of your smart tv!
The implications of these devices being accessible to hackers are that it could lead to greater security risks than the sending of spam emails. It’s not beyond the realms of belief to imagine that in the future a number of devices in our homes will be connected to the internet and even to each other through a home network, e.g to centralise control of home appliances such as lighting, security cameras and sound. In fact Samsung have gone so far as to promise that all their products will be connected to the internet by 2020. This means that each device is a potential gateway for hackers, who could then gain control of all the devices within your home.
Apart from the pranks that can be the result of controlling appliances such as fridges, coffee machines, thermostats and lighting, an attacker might also be able to gain access and control the security alarm or security cameras. So should you be away, they could access the cameras to confirm no-one is at home and then disable all your security measures in order to burgle your home.
Ok, so you don’t need to panic and set up a firewall for your fridge but it’s important that as these technologies develop, security is kept in mind. Maybe you work from home and have thousands of customer details on your home computer? You wouldn’t want them to be stolen because someone has managed to hack you through your air conditioning system. Pretty embarrassing, not to mention the legal implications.
As the development of intelligent, internet facing devices is predicted to boom, security organisations are beginning to prepare. OWASP, an open source project which compiles a top 10 of web vulnerabilities, has now also created an Internet of Things top 10. Current flaws in the security of these devices include insecure web interface and network, insufficient authorisation processes, lack of encryption and insufficient security configurability. With IT research firm Gartner predicting IoT devices to grow to a huge 26 billion by 2020, that’s a lot of potential opportunities for hackers.
So what should you do to keep such devices secure?
Fortunately, this early consideration of IoT security should alert developers to the potential risks and as such devices evolve, as should their security mechanisms. However, there are also steps which the users of the devices should take.
Scan your perimeter servers for open ports so you can identify the potential entry points for hackers. This can be done using a network scan, such as the one offered for free by Acunetix Online Vulnerability Scanner. Overall, make sure you’re aware of the risks and when shopping for new state-of-the-art appliances make sure you do your research and take security into consideration.