‘Smart’ Doesn’t Mean ‘Unhackable’

Many vendors will tell you that their smart device is unhackable. However, in reality, that’s unlikely to be true.

When we talk about smart devices in this context, we’re not talking smartphones, but rather the myriad devices that make up the Internet of Things. All those gadgets we can’t possibly live without.

All of these smart devices have one similar characteristic; they all have poor security.

Alarming security issues

A recent article on BullGuard’s blog highlights the myth of the unhackable smart device. They wrote that:

Two of the world’s largest car alarm manufacturers recently proved this point, albeit inadvertently.

Viper, known as Clifford in the UK, and Pandora Car Alarm Systems have something like three million customers between them. Some security researchers recently tested these smart car alarms.

The results don’t inspire confidence. They discovered straightforward vulnerabilities in both alarms’ APIs, which knit together a vehicle’s existing smart features with the smart alarms.

The researchers probed these vulnerabilities and were able to tamper with existing smart parameters, reset user credentials, and hijack accounts and more.

  • The vehicle type and owner’s details could be stolen, a car could be unlocked, the alarm disabled, the vehicle tracked, microphones compromised, and the immobilizer hijacked. 
  • In Viper’s case, a security flaw in the API parameter led to improper validation, which provided attackers with the ability to compromise user accounts. The research team found that the same bug could also be used to compromise the vehicle’s engine system. 
  • The Pandora alarm can be used to make SOS calls in cases of emergency. This is why it is fitted with a microphone. But because of the flaw, the microphone could be used for snooping. 
  • In Pandora’s case, cyber attacks could also result in the car engine being killed during use.  It’s designed for use if a car is stolen, which makes sense, as long as it isn’t hacked. But in the hands of an attacker, it could be deadly. Imagine hurtling down a motorway, the engine suddenly cuts out, and there’s a 44-ton truck sitting right behind you.

To the misfortune of Pandora, it claimed on its website that its smart alarms were unhackable. That said once the researchers informed the company it swiftly deleted this grandiose claim from its website.

Also, both companies responded quickly and fixed the vulnerable APIs as soon as they were informed, which is encouraging.

We may not be seeing real-world cyber attacks on cars yet, but given the pace of smart device adoption, it’s something any sensible person wouldn’t bet against.

 

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich, Bury St Edmunds, and surrounding villages. 

Source:BullGuard

Protect The Data From Your Smart Devices

Are you concerned about protecting the data from your smart devices?

Are you worried they may be transmitting data back to the manufacturer?

Not worried?

That’s because you don’t what sort of data they are gathering.

Does a smart toy need to collect a child’s interactions? Does your smart TV need to send data on your viewing habits to hundreds of other companies?

How to protect your smart device data

Most companies are less than transparent with users when it comes to telling them how they are collecting data, what data they are gathering, how they are using it, or whether they are selling it onto third parties.

It’s usually available if you know where to look for it. A hint – take a look at the impenetrable terms and conditions.

Here are a few steps you can take to protect your smart devices (courtesy of Bullguard):

  • Smart devices come with an app or web interface so you can set them to operate according to your preferences. Some have privacy controls so you can explore the app/web interface so see exactly what these controls are and whether you can adjust the settings to control the data that is collected and shared.

  • When you register a smart device or sign up for a service, set up a separate email account that you use specifically for this purpose. You can use different names and so on, so if something goes wrong, your actual data won’t be compromised.

  • Google and Apple are increasingly taking steps to protect privacy. B their operating systems, now give you greater control over what data smartphone apps can access. Check the settings menus in your device for these features.

In addition to these, you should also:

  • Set strong passwords– To improve security you should set a strong yet but memorable password or passphrase. You should also do this on your router.
  • Keep your software up to date –  Some smart devices will update automatically, but it’s worth checking the device or app periodically.
  • Voice-controlled smart devices, such as Amazon Echo and Google Home, are vulnerable to the simplest hack – someone else talking to them. You can turn off voice purchasing from the Echo’s Alexa app, or you can set up a four-digit passcode to give an extra layer of security.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich, Bury St Edmunds, and surrounding villages.

Smart Protection: Security of Things

Internet of Things

 

It is the age of IoT (the Internet of Things).

More and more IoT devices are being launched, which on the face of it should be a good thing but think again.

The rise of IoT means there are millions of unsecured routers, webcams, IP cameras, baby monitors, etc., out there ready and waiting for a botnet to come along and cause mayhem. This problem will get bigger as smart connected devices become commonplace.

The good news is that security vendors have recognised the need for smart device protection. However, many of these products are reworked versions of existing security suites that are designed to protect computers so not particularly useful.
Effective smart device protection needs a more robust defence. For example, Dojo by BullGuard is a smart home protection technology that features five protective layers, as Forbes magazine said:

[Recently,] personal security company BullGuard announced it had acquired Israel’s Dojo-Labs, [which] has been working on a product that provides security across devices to the Smart and connected home. Some have called this SoT, the Security of Things, the logical next step in the development of IoT; the much better-known Internet of Things.

“In stealth mode since the winter of 2014, the Israeli startup had been early to realise that a smart home will be wide open to hackers because of the proliferation of devices and the huge challenges of ensuring they are secure.”

This security platform uses artificial intelligence and machine learning to provide the most cutting-edge IoT security available today. It’s also incredibly simple to use.

It is hoped that technologies like this will help redress the balance and provide the much-needed protection that smart device users need as the IoT revolution rolls forward.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.

Source: BullGuard