The Gift that Keeps on Giving – ‘Smart’ IoT Technology Gives Hackers More Options

By: Lee Rickwood

September 2, 2015

Eighty-five per cent of the home networks tested by a Canadian technology security firm are at risk due to security and privacy problems – eighty-five per cent!

The good news is those problems can for the most part be easily addressed by users or equipment vendors (and the company that did the testing offers its own audit program that points to such solutions).

The bad news is that vulnerable technologies just keep on coming to market: the only thing seemingly faster than the adoption rate of new connected devices, smart home applications and things on the Internet of Things is a hacker’s ability to compromise them.

That’s because many of the privacy and security vulnerabilities identified in home (and office) networks are due to the standard configuration that wireless routers have right out of the box, such as a default password for remote and administrative access. (Many devices are designed and built for remote access functionality; the botnet that knocked Xbox and PlayStation networks offline earlier this year relied entirely on hacked routers, compromised remotely.)

Many popular routers have software-based control tools that can be accessed remotely.

Many popular routers have software-based control tools that can be accessed remotely.

In its security report, Toronto-based Sericon Technology analyzed the state of security for the so-called smart or connected home using more than 15,000 home network scans from RouterCheck, its consumer tool for home router security. The data shows that 85 percent of the networks tested are at risk of cyber attack.

“RouterCheck’s real-world data shows that on average, a home network has 1.8 vulnerabilities,” described Sander Smith, president of Sericon Technology, the developer of RouterCheck. “From insecure passwords to poorly configured wireless security, these vulnerabilities mean that the average home is at risk from hackers all over the world.”

RouterCheck is a consumer-oriented tool for protecting home routers, from the same company that did the security testing, Sericon. It is delivered as an Android app and it identifies problems with both a router’s configuration and internal software. Problems discovered while using RouterCheck can usually be fixed by following the instructions provided by the integrated RouterCheck Support application.

It’s not just devices in the home; the communications among them are vulnerable, too, with word that smart home wireless connections protocols have been hacked. Such protocols are used by several manufacturers in order to let IoT devices communicate with each other; so again, by their very nature, they have vulnerabilities built-in.

Leading companies like LG and Microsoft are among those embracing an emerging communications system dubbed AllJoyn, a protocol that can move information from one device to another. Of course, it uses Wi-Fi as its main communication layer!

While some industry observers have called AllJoyn the greatest feature in Windows 10 OS, for example, some hackers have dubbed it “the greatest security flaw!!” for that reason. In fact, specific malware has been developed by cyber crooks to exploit the specific flaws inherent in routers and other connected devices.

First-to-market pressures, short-duration product development cycles, backward compatibility and future-proofing, and particularly price point sensitivity are all seen as greater influencers of product features and functions than user privacy and network security.

Devices in smart homes and network connections among the Internet of Things are vulnerable to hacking and cyber attacks.

Devices in smart homes and network connections among the Internet of Things are vulnerable to hacking and cyber attacks.

That means many new products offered for our comfort and convenience, are actually pretty convenient for digital intruders, computer hackers and cyber criminals.

And is it not just your safety and security that’s at risk; because these devices are connected to local networks and the Internet, they are dangerous doorways that open a much wider world to possible security and privacy risks.





Leave a Reply

Your email address will not be published. Required fields are marked *