According to a report in Daily Mail, families are at risk from hackers taking advantage of security flaws in connected gadgets. A survey of 15 devices by the consumer group Which? found that eight were vulnerable to hacking via the internet, Wi-Fi or Bluetooth connections. Ben Hertzberg, Research Group Manager at Imperva commented below.
Ben Hertzberg, Research Group Manager at Imperva:
“The main threat with the Internet of Things (IoT) is that there are billions of internet-connected devices where basic security standards are not enforced. Devices are shipped with default credentials (sometimes without the ability to change them), vulnerabilities in their web interfaces, remote update procedures and more. With Gartner estimating that 20.8 billion of these devices will be in use by 2020, the problem may grow from a nuisance to a catastrophe. The danger is not only their use as a weapon for denial of service attacks, but also other risks like using the devices as a platform to infiltrate networks and using the devices to remotely view sensitive material.
The surge of IoT systems is accompanied by a surge of breaches. As in previous IoT hacks, like the teddy bear hack and some of the recent vehicle hacks, the tendency is to focus on the end device, the potential of someone taking control and the nature of the data that was poorly protected, bringing the cyber threats to the most intimate places of our lives.
In many cases, it is not the device itself that was exploited, but the server through which the device was connecting to the Internet or mobile application, along with the interaction between them. The security community well understands that a web server open to the Internet presents a target for any hacker located anywhere on the planet and, without proper security controls in place, getting hacked is only a question of time.
However it seems that for IoT servers, which share essentially the same risks, it will take time, and some more creepy hacks, for the security surrounding the IoT servers to reach maturity.
We’re seeing those devices being used in other malicious activities like probing websites for vulnerabilities and attempting to take over accounts. In conclusion – every company that’s selling devices that connect to the internet must know that, in that moment, they become a target, and will probably not have a lot of grace time before they start getting attacked.”