As you’re playing with all the new tech gadgets you received over the holidays, it’s important to think about how connected devices can lead to data theft. Since Internet of Things (IoT) devices are notorious for insecure design, hackers can exploit vulnerabilities in many of them to steal data with little effort. Some devices are riskier than others, but general awareness of these risks and a few security best practices can help prevent IoT device attacks.
Here’s a helpful list of several types of household tech gadgets with documented security issues in the past year:
- Webcams: Cybercriminals have found vulnerabilities in webcams that allow them to secretly record and broadcast the lives of their owners – not necessarily a financially damaging attack, but certainly a creepy invasion of privacy! Additionally, security researchers have found ways to sneakily record video chat calls using services like Skype or Google Hangouts. To mitigate some of these risks, keep your system patched with the latest updates, cover your laptop’s built-in webcam when it’s not in use, and using strong security protections on your home router or work network.
- Smart Locks: At Black Hat this year, researchers took Bluetooth Low Energy smart locks to task, successfully hacking 12 out of the 16 they tested. Some of these locks were exploited in a way that allowed researchers to reset the devices’ passwords, preventing anyone else from opening them. A few smart lock vendors have addressed their product’s vulnerabilities, but many have not. Do some research before buying a smart lock to see which brands have the best security.
- IP cameras: These devices have been used to power the massive Mirai IoT botnet and others like it that enabled some of the huge DDOS attacks over the past six months. Digital video cameras are usually built with a simple Linux operating system – a familiar target for hackers. One researcher found that his webcam was re-infected with botnet malware less than half an hour after he reset it.
- Home automation devices: Security flaws have been found in Nest smart thermostats that can reveal the location of customer homes and allow criminals to take control of the device. Nest is actually quite secure for a IoT device, but you should still take these risks into account before buying or deploying one.
- Smart light bulbs: Connected light bulbs with certain operating systems can easily be hacked to form botnets. At Black Hat 2016, researchers speculated that it might be possible to create a self-spreading worm that could jump from lightbulb to lightbulb.
- Non-Bluetooth Wireless Computer Accessories: Earlier this year, researchers were able to hack several brands of wireless mice and keyboards from up to 100 meters away by sniffing unencrypted traffic between the wireless mouse and dongle. They ultimately gained access to the machines and networks the mice were connected to. Do your homework before buying a new wireless mouse or keyboard and make sure it uses secure, encrypted Bluetooth communication.
If you got any of these tech toys in your stocking, keep these vulnerabilities in mind and use the above tips to minimize potential security risks. For more information on vulnerabilities commonly found in connected devices, and what the industry can do about it, read WatchGuard CTO, Corey Nachreiner’s recent Dark Reading column: 7 Security Lessons The Video Game Industry Can Teach IoT Manufacturers.