• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Did You Receive Any Hackable Tech Toys This Holiday Season?

January 4, 2017 By The Editor

gadgets

As you’re playing with all the new tech gadgets you received over the holidays, it’s important to think about how connected devices can lead to data theft. Since Internet of Things (IoT) devices are notorious for insecure design, hackers can exploit vulnerabilities in many of them to steal data with little effort. Some devices are riskier than others, but general awareness of these risks and a few security best practices can help prevent IoT device attacks.

Here’s a helpful list of several types of household tech gadgets with documented security issues in the past year:

  • Webcams: Cybercriminals have found vulnerabilities in webcams that allow them to secretly record and broadcast the lives of their owners – not necessarily a financially damaging attack, but certainly a creepy invasion of privacy! Additionally, security researchers have found ways to sneakily record video chat calls using services like Skype or Google Hangouts. To mitigate some of these risks, keep your system patched with the latest updates, cover your laptop’s built-in webcam when it’s not in use, and using strong security protections on your home router or work network.
  • Smart Locks: At Black Hat this year, researchers took Bluetooth Low Energy smart locks to task, successfully hacking 12 out of the 16 they tested. Some of these locks were exploited in a way that allowed researchers to reset the devices’ passwords, preventing anyone else from opening them. A few smart lock vendors have addressed their product’s vulnerabilities, but many have not. Do some research before buying a smart lock to see which brands have the best security.
  • IP cameras: These devices have been used to power the massive Mirai IoT botnet and others like it that enabled some of the huge DDOS attacks over the past six months. Digital video cameras are usually built with a simple Linux operating system – a familiar target for hackers. One researcher found that his webcam was re-infected with botnet malware less than half an hour after he reset it.
  • Home automation devices: Security flaws have been found in Nest smart thermostats that can reveal the location of customer homes and allow criminals to take control of the device. Nest is actually quite secure for a IoT device, but you should still take these risks into account before buying or deploying one.
  • Smart light bulbs: Connected light bulbs with certain operating systems can easily be hacked to form botnets. At Black Hat 2016, researchers speculated that it might be possible to create a self-spreading worm that could jump from lightbulb to lightbulb.
  • Non-Bluetooth Wireless Computer Accessories: Earlier this year, researchers were able to hack several brands of wireless mice and keyboards from up to 100 meters away by sniffing unencrypted traffic between the wireless mouse and dongle. They ultimately gained access to the machines and networks the mice were connected to. Do your homework before buying a new wireless mouse or keyboard and make sure it uses secure, encrypted Bluetooth communication.

If you got any of these tech toys in your stocking, keep these vulnerabilities in mind and use the above tips to minimize potential security risks. For more information on vulnerabilities commonly found in connected devices, and what the industry can do about it, read WatchGuard CTO, Corey Nachreiner’s recent Dark Reading column: 7 Security Lessons The Video Game Industry Can Teach IoT Manufacturers.

Share This:

Related

Filed Under: Editorial Articles Tagged With: cyber security, exploit, Hacking, Infosec news, Malware

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
  • US National Cybersecurity Strategy
  • Here Come The Regulations
  • An Update on Section 230

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • 3CX Supply Chain Attack
  • The NSA’s Guidance on Securing Authentication
  • Cybersecurity News: LastPass Incident Revealed, White House Issues Cybersecurity Strategy, FBI Purchases Leaked USHOR PII Data, and a Slew of Other Breaches
  • An Update on Section 230
  • Here Come The Regulations
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use