Pinterest Stumbleupon Whatsapp
Ads by Google

We recently wrote about why the Internet of Things (IoT) may not be all the glitter 7 Reasons Why The Internet of Things Should Scare You 7 Reasons Why The Internet of Things Should Scare You The potential benefits of the Internet of Things grow bright, while the dangers are cast into the quiet shadows. It's time to draw attention to these dangers with seven terrifying promises of the IoT. Read More and champagne it’s cracked up to be. To expand on that idea, it’s well worth looking at a number of smart devices that you may not want to connect to the web after all. At least not yet, anyway.

It’s no surprise that the IoT is loudly ringing alarm bells. The “matured” security of the 25-year-old Internet is a long-shot from being perfect. All we can expect from the baby-faced security in and around the IoT Why The Internet of Things Is The Biggest Security Nightmare Why The Internet of Things Is The Biggest Security Nightmare One day, you arrive home from work to discover that your cloud-enabled home security system has been breached. How could this happen? With Internet of Things (IoT), you could find out the hard way. Read More is something extremely rudimentary, accompanied with all the risk that entails.

Rather than cultivating an attitude of fear around the IoT, I hope to perpetuate more vigilance around this technology. A vigilance that leaves you prepared for the worst, but hopeful for the best.

Cars

This year at Black Hat USA, an unaltered passenger vehicle was remotely hacked. Once hacked, it was clear that the vehicle could quite easily be controlled (to a large extent) by those hackers.

You can see in the video above the extent that this code can be used to take control of your vehicle (predominantly late model Chryslers, with the UConnect feature. A patch has since been released).

Ads by Google

The hackers first start off by innocently turning on the fans, radio, and wipers. Next, they cut the engine on a highway, take control of the steering (only while in reverse), and, most scary of all, disable the breaks.

Although vehicles have had complex computational systems within them for years, it’s only recently that we are starting to see them connected to the Internet. If the systems and networks within the car (Bluetooth, telematics, radio functions, etc.) are connected to each other, this largely widens the scope of what the hacker is able to do.

The fact that there is already such a high number of connected vehicles on the road today is what makes this development particularly worrying. Gratefully, however, the engineers who remotely “broke into” this vehicle did ethically warn the industry of the weaknesses they found. If a more nefarious engineer were to find these vulnerabilities, the consequences could be disastrous.

Baby Monitors

This September, Forbes reported on how “depressingly easy” it currently is to hack into a number of baby monitors from within a browser.  This has been an issue for some time now, with the video above being over a year old. Yet the industry still fails to make the required updates.

Forbes explained that through “simple searches or tweaked web addresses”, a novice hacker could remotely access the Baby Monitor’s video feed, and could even talk to the baby. By using Brute Force attacks on IP addresses found on sites such as Shodan, receiving video and (sometimes) audio is said to be uncomfortably easy.

The results of the research conducted by security analysis company Rapid7 found seven devices that are vulnerable to to these weaknesses. These are: the iBaby M3S and M6 models, the Philips In.Sight B120/37, the Summer Infant Baby Zoom, the Lens Peek-a-ViewTrendNet Wi-Fi Baby Cam and some Gynoii devices. Many other devices that the company did not test are also thought to be vulnerable.

These vulnerabilities are likely easy to fix. Only allowing whitelisted IP addresses to access the feed could be one potential solution. As would improving on “shoddy default passwords”. In the meantime, monitors already sold (likely) still remain open to attack. As reported in the article, “most vendors didn’t respond with confirmation of fixes”, though Philips did promise a security update.

Home IP Cameras

IoT2

Home IP cameras are generally security cameras that you can control remotely from your smart phone. Security firm Tripwire states in a Sputnik News article that “these devices are usually hackable with ease providing you can interface with them. If they have a web interface, they can be hacked using web hacking techniques. If they have interfaces over serial ports — they can be penetrated and hacked at that layer too”.

The idea that someone could gaze into your home, and watch while you live your daily life may not be likely, but the possibility is nauseating. Along with this, if a potential intruder (whether this be into your home, office, or shop) wanted to make sure the coast is clear, all they have to do is check your IP Camera feed to ensure no one is around.

The same issues arise with web cams and smart TVs with connected (or in-built) cameras.

Smart Locks

IoT

For anyone who routinely misplaces their keys, the idea of a smart-lock could come as something of a god-send. Being able to open and lock your doors from a mobile application sounds fine and dandy in theory, but in reality the security concerns are nothing to be ignored.

Back in 2013, Wired reported that millions of Kwikset smart locks were open to hacking. The Sesame smartlock purportedly has less-than-perfect security thanks to it’s “secret knock” Bluetooth feature. Hackers at Def Con hacked a smart-lock in front of a live audience.

But as pointed out in this Gizmodo article, if someone really wanted to break into your house, a crowbar or smashed window could do the trick. That would be a lot easier than hacking your smart lock. But if we’re relying on smart locks to secure offices, shops, server rooms, or even safes, we’re looking at a completely different picture, where immensely valuable information, stock, and equipment could be placed at risk.

Fridges

During December of 2013 and January 2015, Cybernetics Security company Proofpoint claimed to to have discovered the first large scale Internet of Things cyber attack. In that attack, 750,000 phishing/spam emails What Exactly Is Phishing & What Techniques Are Scammers Using? What Exactly Is Phishing & What Techniques Are Scammers Using? I’ve never been a fan of fishing, myself. This is mostly because of an early expedition where my cousin managed to catch two fish while I caught zip. Similar to real-life fishing, phishing scams aren’t... Read More were sent from fridges, TVs, media centers, and other connected home devices. This may be unfortunate for the recipients of those emails, but the point is more salient.

Yes, our connected devices can now be used to launch large scale attacks on us, and others. But on a more personal note, the lack of security built into devices, such as many Samsung fridges Samsung's Smart Fridge Just Got Pwned. How About The Rest Of Your Smart Home? Samsung's Smart Fridge Just Got Pwned. How About The Rest Of Your Smart Home? A vulnerability with Samsung's smart fridge was discovered by UK-based infosec firm Pen Test Parters. Samsung’s implementation of SSL encryption doesn’t check the validity of the certificates. Read More (see the video above), leaves us pretty vulnerable. Some of these fridges have been found to be sending your data over servers without verifying the SSL certificate What Is an SSL Certificate, and Do You Need One? What Is an SSL Certificate, and Do You Need One? Browsing the Internet can be scary when personal information is involved. Read More . This means that the fridge doesn’t really know who it’s talking to.

If you’re asked to log-in to your Google or Amazon account on your fridge, for instance, your passwords could well be intercepted. Not only that, but it could be relatively easy for a hacker to install malware on your fridge, too. Principal Analyst at Osterman Research told Computing.co.uk, “few vendors are taking steps to protect against this threat; and the existing security model simply won’t work to solve the problem”.

There are Many Others

Above are just a few examples of IoT devices that we should maintain our vigilance around. There are many more. Your GPS connected running T-shirt could tell the wrong kind of people when you’re out of the house, for example. But a more likely risk is that of having even more of your sensitive data accessible via devices that simply aren’t well secured.

Despite the excitement of the Internet of Things (which is why many companies are jumping on the bandwagon, connecting the most ridiculous of devices Tweeting Fridges and Web Controlled Rice Cookers: 9 of the Stupidest Smart Home Appliances Tweeting Fridges and Web Controlled Rice Cookers: 9 of the Stupidest Smart Home Appliances There are a lot of smart home devices that are worthy of your time and money. but there are also kinds that should never see the light of day. Here are 9 of the worst. Read More ), it’s a risk to jump in head first without first being conscious of the risks that are out there.

This selection of devices all pose at least some form of threat, that will (hopefully) in time be ironed out. In the meantime, let’s not fall for the hype. Let’s use the technology behind the Internet of Things for actual needs. When the security inevitably improves, perhaps then, and only then, should widespread adoption of these risky devices become mainstream.

Which other devices to you think pose a risk? And are these risks substantial enough to prevent you from jumping on board with these devices?

Image Credits: Hacker with green hood by beccarra via Shutterstock, AXIS M11-L by AXISCommunications (via Flickr),  GOJI Smart Lock by Maurizio Pesce (via Flickr),

  1. Jeff
    October 29, 2016 at 11:40 pm

    It's "disconnect the brakes", not "disconnect the breaks". Please learn basic English.

  2. Rod Scher
    August 22, 2016 at 2:02 pm

    As always, a great (and useful) read. But, also as always, there seems to be no editor lurking about. (Since that's what editors do - they lurk. Also, they skulk.) Not just breaks/brakes, but also it's/its. As an editor myself, that kind of sloppiness makes me worry about the accuracy of the whole piece. (Which is unfair, I guess, but that's the way it is.)

    • Rob Nightingale
      October 30, 2016 at 1:00 pm

      Apologies Rod, sometimes these things slip through the cracks!

  3. Jon
    August 21, 2016 at 10:01 pm

    I prefer to keep things simple. Fewer things connected = fewer problems/headaches.

    • Rob Nightingale
      October 30, 2016 at 1:01 pm

      I agree to a large extent. Unless it substantially improves/simplifies my life, what's the point?

  4. fcd76218
    October 7, 2015 at 1:56 pm

    " if someone really wanted to break into your house, a crowbar or smashed window could do the trick"
    If you follow that logic, then why have any locks on the doors and windows?

    • Rob Nightingale
      October 17, 2015 at 5:34 am

      Because locks keep people out who don't *really* want to get in. If someone *really* wants to get in, locks won't stop them.

      • fcd76218
        October 17, 2015 at 11:32 am

        The question is "If criminals can break into bank vaults, how do you stop them from breaking into a house?"

        • PERRY F BRUNS
          October 24, 2016 at 12:31 pm

          If criminals can break into bank vaults, they don't need to break into houses.

  5. fcd76218
    October 6, 2015 at 3:21 pm

    I don't think Dan Price has read your article. He is waxing poetic about how wonderful a smart garage door opener is (can be). :-)

    • Rob Nightingale
      October 7, 2015 at 3:17 am

      Haha. Very true. We'll have to agree to disagree on that one. A remote control does the trick perfectly well in my eyes.

      • fcd76218
        October 7, 2015 at 1:54 pm

        I love my garage remote, too. It's mounted on the visor and all I have to is to reach up and press the activator button. I don't have to even look at it. I think that is a little more convenient than whipping out your smart phone and clicking through all the screens to find the "garage door opening" app.

  6. Willard Johnson
    October 6, 2015 at 2:32 am

    "Brakes", not "breaks". Proofreading is your friend.

    • Rob Nightingale
      October 7, 2015 at 3:17 am

      Thanks for the heads up, Willard.

  7. hildyblog
    October 5, 2015 at 5:50 pm

    There is nothing in my life that I want to connect to the Internet besides a computer (i.e. desktop, laptop, tablet, smartphone, router) and maybe a smart TV. Everything else can live with local Bluetooth and, for that matter, I don't see much use for that beyond having lights turn on when I walk into a room.

    • fcd76218
      October 5, 2015 at 8:02 pm

      You don't need Internet-capable lights to have them turn on when you enter a room. A simple motion detector can do that for you.

    • Rob Nightingale
      October 7, 2015 at 3:18 am

      At the moment, I agree. Though I wouldn't be massively surprised if in 20 years, we all look back unbelievingly at how we lived without our favourite kitchen stool connected to the net.

  8. Roger Williams
    October 5, 2015 at 3:59 pm

    Most of these devices do not need IP addresses. What is the use of controlling my oven, if I haven't loaded it in the morning? Most modern stove timers can be set to cook and then turn itself down if you get stuck in traffic. I cannot think of any valid reason to have any appliances tied to the internet.

    • fcd76218
      October 5, 2015 at 8:03 pm

      "I cannot think of any valid reason to have any appliances tied to the internet."
      Because the technology allows you to? :P

      • Rob Nightingale
        October 7, 2015 at 3:20 am

        I think that's the motto of this age. "Because it can"...

    • Rob Nightingale
      October 7, 2015 at 3:20 am

      How would the oven know if you were stuck in traffic if it wasn't connected to the Internet and able to track your GPS?

      • Roger Williams
        October 7, 2015 at 10:46 am

        Rob: Timers on some ovens can be set to cook your food for a set time period and then turn the oven down to keep it warm. No connection to the internet.

        • Rob Nightingale
          October 17, 2015 at 5:34 am

          So, is there any way the internet could actually come in useful for ovens?

        • Howard Jiang
          November 3, 2015 at 6:39 am

          That's the thing though, the internet may not necessarily be useful for EVERYTHING (such as ovens) but the internet isn't the only wireless connection out there. Wireless connections could essentially "help" in ways such as if you set a timer on an oven and you forget about it, it could potentially go through a gateway to send you a message or have an alarm via other IoT devices.

          There are just so many different ways for one device to connect to another and they're just trying to build that aspect into everything. This is all just for that tiny bit of efficiency so people can afford to be just that tiny bit more forgetful or lazy since they have everything else to remind them or do it for them.

          There's a lot of potential in wireless connection which is why so many technology companies are currently going towards the Internet of Things.

          Of course, that also means security issues as you mentioned in the post. Great post by the way. It really is one of the biggest concerns in this field nowadays with everything connected to the internet.

        • Rob Nightingale
          November 25, 2015 at 12:40 pm

          Thanks for the thoughts, Howard. Good point about the Internet not being the only connection- you're completely right. I still believe that the vast majority of ideas in this field will fizzle out, and we'll simply be left with a more skeletal IoT than many people believe in at the moment. Only time will tell!

  9. fcd76218
    October 5, 2015 at 2:35 pm

    But most of the popular press, both technical and non-technical, has anointed IoT as the next "Greatest Things Since Sliced Bread"! You mean the pundits have gotten it wrong (again)?

    /sarcasm

    • Rob Nightingale
      October 7, 2015 at 3:24 am

      I genuinely think the IoT will be huge. I think that if someone is serious about weight tracking, then smart weighing scales can take some of the pain away from keeping all of your data up to date, for instance. I just feel that the home uses of IoT are limited more than people think.

      The real progress will be made in the corporate and non-profit spaces, where sensors can alert people when a water pipe has burst, when there's a gas leak, when a gun shot has been heard etc. When all boats can have a tracking device that never runs out of battery. These are genuine uses for the IoT that I believe will serve to make a difference. Trying to connect your toaster to the IoT is childs-play.

Leave a Reply

Your email address will not be published. Required fields are marked *