Home United States USA — software IoT gadgets dominate the holiday sales – and so do their security...

IoT gadgets dominate the holiday sales – and so do their security risks

133
0
SHARE

IoT devices are prone to various security issues that you should be aware of.
The annual retail conventions of Black Friday and Cyber Monday have long had a tradition of drumming up the latest tech products ahead of Christmas. Internet of Things (IoT) enabled products have become an increasingly popular mainstay of the sales rush, including virtual home assistants, wearable tech, smart toys and connected appliances. However, as these connected products continue to dominate the holiday sales scene, they are also highlighting longstanding security concerns with IoT devices. Products are often found to be lacking even basic security safeguards, potentially exposing users to privacy invasions, cyberattacks, and even physical danger. Those who splurged on IoT-enabled devices in this year’s sales will need to be aware of potential new security threats against themselves and their employers. IoT security vulnerabilities are extremely common, and our own investigators have found major flaws in everything from kettles to sex toys. There has been a steady cadence of IoT security breaches making the headlines over the last few years, including both the discovery of potential vulnerabilities and cases of actual exploitation. One of the most prominent recent examples has been the Ring smart doorbell produced by Amazon. The device is ostensibly designed to help users with home security, enabling them to remotely access video and audio feeds from their smartphone, as well as receiving alerts when they have a visitor. However, it quickly became apparent that Ring was lacking several important security features. The device is controlled by a mobile app but did not set any limits on incorrect login attempts or notify users when there was a failed attempt or a successful login from a new location or device. This meant it was straight forward for a threat actor to brute force their way into the user’s account and connect to the device. There were multiple examples of Ring devices being hijacked to spy on households, as well as the speaker function being used to harass and threaten people with physical violence. Connecting to a Ring device also enabled attackers to gain useful Wi-Fi information to facilitate further attacks. Ring’s manufacturers were quick to respond and have updated the software to patch out these vulnerabilities. However, it’s worth noting that there are many other brands of smart doorbell available, and not every manufacturer is diligent about closing reported vulnerabilities. IoT devices are a natural bridge between the cyber and physical worlds, which means they have a distinct risk profile compared to a traditional endpoint. Unlike a hacked laptop or smartphone, many IoT devices can actually be used to perform physical actions.

Continue reading...