UAE security analysts find vulnerabilities in IoT devices
Cyber-security experts urge businesses and individuals to understand the risks of “smart” devices
The boom of the Internet of Things (I0T) and smart devices means we are heading towards a connected and convenient future.
A future which sees an influx of smart devices, such as smart kitchen appliances informing you when the refrigerator requires stocking up to health-related wearable devices which can monitor your heart rate or blood pressure. The overall aim of a connected future, is to make like simpler and better.
However, behind the convenience, lurks issues focussed on security risks, lack of privacy, cyber hacks and potential heightened surveillance abilities from government officials, which was revealed earlier this year by US director of national intelligence, James Clapper.
Furthermore, research house Gartner predict that, by 2020, a black market exceeding $5bn will exist to sell fake sensor and video data for enabling criminal activity and protecting personal privacy. With all the data that smart devices has the potential to gather, it means these devices are vulnerable to targeted attacks.
Managed, a UAE-based cyber security company showcased how vulnerable these IoT systems and smart consumer electronics are to being hacked and breached.
The security analysts hacked and compromised well-known smart consumer electronics, children's games and toys, computing devices and industrial equipment. The aim was to raise awareness in the market about the dangers lurking in these devices and how to mitigate the risk. According to the Managed engineers, they have routinely found connected devices being deployed without suitable security and hardening processes.
Managed experts explain that users must realise that these devices are full-fledged computers that require the same level of patching and security management as their regular PCs and communication devices.
The other serious issue is the amount of information being sent back by the connected smart devices to the manufacturer or the service provider. As the number of devices being deployed in the field increases, manufacturers are adding more services to generate revenue. Packet data analysis of traffic going from the devices back to the manufacturer shows very detailed information being sent back.
Managed recommends that companies and consumers should be mindful of security and privacy when deploying these new technology devices at work and in their homes. The first step is to change the default passwords for admin level to complex passwords and then update the firmware with the latest version to ensure the devices are secure.
Users should carefully check the options in the setup menus to ensure that their privacy is maintained. Managed analysts however warn that selecting privacy options is still not a guarantee that user's private information is not being sent back. Companies should also think through the security implications and if possible isolate the IoT equipment from their main corporate networks.