How smart is Smart tech

As technology gets more advanced we all think about products that can make our life easier and more secure. 

The reality, though, can prove to be very different: while the tech can be sophisticated, the security often isn’t.

The government estimates that every household in the UK owns at least 10 internet-connected devices. But that figure is expected to rise to 15 by 2020, so increasing the security to prevent further breaches is more essential than ever.

We’ve already told you all about the cyber risk of internet-connected toys but other ‘smart’ products are just as risky.

The latest issue has been found in Smart Cam security cameras, which you’d like to think will keep you safe.

Instead, though, tech firm Hanwha Techwin has been forced to fix 13 ‘critical security holes’, which allowed attackers to take control of the camera or even attack the connected network.

Kaspersky Lab researchers discovered the vulnerabilities and revealed that 2,000 of the devices, popular with both consumers and small businesses, have publicly accessible IP addresses. But they believe the actual number of vulnerable cameras to be a lot higher.

Four of the 13 bugs related to cloud functions, while the rest were all issues with the actual camera itself.

This latest incident comes after warnings were issued about a range of smart products.

Cyber researchers at the Ben-Gurion University of the Negev (BGU) found that baby monitors, home security cameras, doorbells, and thermostats were all easily hacked.

Dr. Yossi Oren, a senior lecturer in BGU’s Department of Software and Information Systems Engineering and head of the Implementation Security and Side-Channel Attacks Lab at [email protected]

“Using these devices in our lab, we were able to play loud music through a baby monitor, turn off a thermostat and turn on a camera remotely, much to the concern of our researchers who themselves use these products. It only took 30 minutes to find passwords for most of the devices and some of them were found only through a Google search of the brand,” added Omer Shwartz, a Ph.D. student and member of Dr. Oren’s lab. “Once hackers can access an IoT device, like a camera, they can create an entire network of these camera models controlled remotely.”

Perhaps more worrying was the fact that they were able to log on to Wi-Fi networks simply by retrieving the password stored in a device to gain network access.

In the past, hackers have even used internet-connected devices to take sites, including Twitter, Reddit and Spotify, offline.

The good news, though, is that the government has finally announced new guidelines to make all internet-connected devices safer.

They include making passwords unique and not resettable to a factory default, and making sure that sensitive data transmitted via apps is always encrypted.

The government’s Security by Design review also suggested:

  1. Device manufacturers have a point of contact so that security researchers can report issues immediately

  2. Software should be updated automatically with clear guidance for customers

  3. It should be easy for consumers to delete personal data

  4. Installation and maintenance should be easy for consumers

Margot James, minister for digital and the creative industries, said: “We want everyone to benefit from the huge potential of internet-connected devices, and it is important they are safe and have a positive impact on people’s lives.

“We have worked alongside industry to develop a tough new set of rules so strong security measures are built into everyday technology from the moment it is developed.”

To help you stay safe, BGU researchers offer a number of tips.

  1. Buy IoT devices only from reputable manufacturers and vendors.

  2. Avoid used IoT devices. They could already have malware installed.

  3. Research each device online to determine if it has a default password and, if so, change it before installing.

  4. Use strong passwords with a minimum of 16 letters. These are hard to crack.

  5. Multiple devices shouldn’t share the same passwords.

  6. Update software regularly; you will only get updates from reputable manufacturers.

  7. Carefully consider the benefits and risks of connecting a device to the internet.
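
The password and update tips above can be checked mechanically against a list of the devices on a home or small-office network. The script below is an added example, not part of the original article or the BGU research: the inventory format, the finding labels and the short list of default passwords are all constructed for illustration.

```python
from collections import defaultdict

MIN_LENGTH = 16  # tip 4: at least 16 characters

# Constructed sample of generic factory defaults (assumption, not a vendor list);
# extend it with whatever your own research into each device turns up (tip 3).
KNOWN_DEFAULTS = {"admin", "password", "1234", "12345678", "0000"}

def audit_inventory(devices, known_defaults=KNOWN_DEFAULTS, min_length=MIN_LENGTH):
    """Return {device name: [findings]} for each device that breaks a tip."""
    findings = defaultdict(list)
    users_of = defaultdict(list)  # password -> names of devices using it
    for dev in devices:
        name, password = dev["name"], dev["password"]
        if password.lower() in known_defaults:
            findings[name].append("default-password")   # tip 3
        if len(password) < min_length:
            findings[name].append("too-short")           # tip 4
        if not dev.get("auto_update", False):
            findings[name].append("no-auto-update")      # tip 6
        users_of[password].append(name)
    for names in users_of.values():
        if len(names) > 1:                               # tip 5
            for name in names:
                findings[name].append("shared-password")
    return dict(findings)

# Constructed inventory; every name and password here is made up.
SAMPLE = [
    {"name": "baby-monitor", "password": "admin", "auto_update": False},
    {"name": "doorbell", "password": "correct-horse-battery-staple",
     "auto_update": True},
    {"name": "thermostat", "password": "winter-lamp-7-orchid-canyon",
     "auto_update": True},
    {"name": "camera", "password": "correct-horse-battery-staple",
     "auto_update": True},
]

if __name__ == "__main__":
    for device, issues in audit_inventory(SAMPLE).items():
        print(f"{device}: {', '.join(issues)}")
```
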

Author Details
Founder & CEO at Hedgehog Security

Peter has been in the Information Security world since 1999 and in IT in general since 1996. His work history contains a unique blended balance between the development of exceptional technical capabilities and business knowledge. Peter is a proud father of twins and enjoys GT endurance racing on the weekends.
