Beware the Holiday Hack

Most online 2017 holiday gift guides have one thing in common: IoT gadgets. Wi-Fi video doorbells, wearable health monitors, phone-controlled toy robots, and “smart” ovens are just a few of the thousands of Internet-connected products being offered this holiday season. Such gifts might seem like safe products to give or receive, but reports about recent IoT hacks have shown us that most, if not all, Internet-connected devices are potential targets for hackers.

A few notable 2017 security hacks, breaches, and threats:

  • Smartwatch Eavesdropping: In November, a German regulator banned the sale of a kids’ smartwatch with a prohibited eavesdropping function. The Federal Network Agency’s President Jochen Homann said: “The watches are regarded as unauthorized transmitting equipment. Our investigations found, for example, that parents were using them to eavesdrop on teachers in lessons.” Read More
  • IoTroop: Qihoo 360 and Check Point Research recently reported that the IoTroop botnet, also known as “Reaper,” was hijacking IoT devices, such as routers and IP cameras, around the globe at an extremely rapid rate. Read More
  • Pacemaker Recall: The FDA announced in August that Abbott’s RF-enabled implantable pacemakers contain embedded devices that are vulnerable to wireless attack. While no exploits have been reported, it is feared that hackers could access the pacemaker and reprogram it to harm a patient. Read More
  • CAN Bus Hack: In August 2017, TrendMicro reported that security research team found that it is possible to turn off a vehicle’s key automated components—including safety mechanisms such as the antilock braking system (ABS) and door locks—by accessing its internal controller area network (CAN) bus, which is the network that connects all of a vehicle’s processors. The team concluded that the new denial of service (DoS) attack was vendor neutral and “indefensible by modern car security technology.” Read More
  • Casino Fish Tank Hack: In July, we learned that attackers tried to steal data from a Las Vegas casino by hacking into one of its “smart” fish tanks. The tank’s sensors were connected to a PC for monitoring temperature and fish food. Once the hackers gained access to the tank, they found other vulnerabilities moved throughout the network. Read More

As you will notice by reading through the articles we posted, too many of today’s IoT devices were designed with limited or no security, making those devices vulnerable. But with more reported hacks comes more visibility and urgency to address the security challenges of the IoT. We certainly see more and more seriousness on the part of IoT device manufacturers to plug security gaps and expect IoT device manufacturers to do more to secure their devices against hacks. In the meantime, there are some practical steps consumers can take to improve security and privacy:

  • Determine if your personal and/or financial information has already been exposed to hackers.
  • Use strong passwords for your IoT devices and accounts.
  • Use secure Internet connections.
  • Regularly read IoT news (e.g., SecureRF newsletter) and threat report sites (e.g., Kaspersky Cyberthreat Map and CheckPoint Threat Map) to keep informed.
  • Buy IoT devices from reputable manufacturers.
  • Ensure each of your IoT device’s firmware is up to date.
  • Check and adjust each of your IoT device’s default settings.
  • Many security experts suggest disabling Universal Plug and Play (UPnP).

Wishing all of our readers a safe, secure and happy holiday season.