share

10th Nov
Category: Programming , Industry news , Top Tips and Advice

Hacking your Life using IOT

As we’ve talked about before in our previous blog ‘Hacking - good or bad?’  the term ‘hack’ could be a good or a bad thing, depending on who is doing it and what they are doing. With the advancement of the Internet Of Things, hacking has become more prevalent and now a multi-billion pound industry for both ‘black-hat’ hackers/crackers and ‘White-hat’ hackers helping to improve security and protect against crackers.  

MacWorld in their article 'How to Hack a Home through the Internet of Things' says that your plugged-in electronic devices switch on or off remotely, “can be misused to break into your home network, to capture unsecured data, plant malicious programs and steal account credentials to any of your accounts, if they are not properly protected.”

There are a number of things someone with a few tools and hacking skills can do to attack your default access point credentials. Alexandra Gheorghe, Security Specialist says

“If attackers get hold of your Wi-Fi network, they can see what other devices are connected to your network and may try to control them, too. They can also find a way to install spyware or key-loggers on your computers to grab the credentials of your online accounts… and then, havoc is bound to happen.”

You should take responsibility for your home and your devices.

There are a few simple things you can do to help at least stop the soft-hackers:

- Reading the privacy policies before choosing which a smart device to buy
- Change the default password when you set up the device
- Set up 2 step authentication for your main accounts such as Google, Apple, Yahoo accounts
- Don’t reuse the same password in more than one place
- Put a lock code on your mobile device
- Don’t check your sensitive accounts such as bank accounts over public wifi connections
- Turn your phone off at night
- Only buy ‘smart’ devices from trusted brands and trusted platforms.
- Keep product software and firmware up-to-date
- If you don't need a camera active (such as on your laptop at work), tape over it

 blog/Hacking/CrimeWatchDaily-video-screenshot2-crop-v1.JPG

'Smart Cars' and advertising

In this Wired article it talks about cars being used in the near future to advertise products to us, such as:

  • That beautiful handbag you forgot you wanted—and directions to the store where you can buy it.
  • Individualized security tips. There’s been an uptick in break-ins in your neighbourhood in the last couple weeks, Dave. Would you like to adjust your insurance coverage?

As cars and homes are increasingly connected to smartphones, laptops and the internet (seemingly there will be no-where in life you will not be barraged by advertising messages!) they are collecting all your data on where you are, what you’re doing, seeing, maybe even feeling or thinking.

“All of that data can be tapped, packaged, and monetized.”

Scarier than having your car try and sell you products, is the fact that white-hat hackers have proven they can also be taken over whilst driving at 70 mph as Andy Greenburg discovers when Hackers Remotely Kill a Jeep on the Highway - with him in it!

blog/Hacking/Wired-article-jeep-crop-v1.JPG

The video footage Bugged, Tracked, Hacked - 60 Minutes Australia (April 2016) also shows how alarmingly easy it is for a hacker to be able to access every call and message you send from your mobile phone anywhere in the world. Luca Melette, a consultant for security agencies, demonstrated the vulnerability of smartphones by tapping into SS7. He and his team are helping the German government fix the security holes in its mobile phone networks from the breach of security revealed in 2015 where the USA had supposedly been found hacking the personal phone of the German Chancellor Angela Merkel.

This Crime watch daily video clip tells us How to Protect Yourself Against Phone Hacking in updating your software to the latest version that will have recent hack-bug fixes, but their ‘hired hackers’ for this exposé, say that

“you could be asleep in your bed, with your phone charging and someone can MMS it and take control of your device - while you’re sleeping”.

They also say that both Android phone and iPhones are on a level playing field when it comes to security (or lack of it).

blog/Hacking/CrimeWatchDaily-video-screenshot-crop-v1.JPG

There are a number of internet security governing bodies that give advice and standards people should follow such as ‘Internet Society’  that says

"The interconnected nature of IoT devices means that every poorly secured device that is connected online potentially affects the security and resilience of the internet globally."

This suggests that it is our own responsibility - all of ours - to make sure we have set up our connected devices correctly and securely!

The largest attack to disrupted the internet globally, happened on 21st October 2016, with Dyn being the main victim (a company that controls much of the internet’s domain name system (DNS) infrastructure). Sites such Twitter, Amazon, Eventbrite, Etsy, Fox News, CNN, Github, Netflix, Paypal, FreshBooks, Spotify, Whatsapp, Wired, Zendesk, Reddit, Recode and many others were all affected and came offline.

This Guardian article  reported that

the attack was orchestrated using a weapon called the Mirai botnet...[but] unlike other botnets, which are typically made up of computers, the Mirai botnet is largely made up of so-called 'internet of things' (IoT) devices such as digital cameras and DVR players.

One of your own devices could have been hacked, unknowingly and unwillingly (on your part), and taken part in this attack!

It is worth all of us thinking more carefully about the security of our devices and therefore homes and ultimately lives.

If you do want to step up your security then using a device such as Bullguard's IoT Scanner software, Bitdefender BOX (only available in the USA) or Dojo-lab’s smart network security device can also help spot weaknesses. The Bullguard scanner detects devices on a smart home network that are publicly exposed and Dojo detects malicious activity or a privacy breach and automatically blocks them, notifying the owner through a mobile app.


Some advice from
Edward Snowden:

"Think about what devices you really need to connect to the internet," he adds. "And if you decide you do need to connect a device, use the connectivity only when you need it... turn it off at night."

 

Blog written by Natalie Wiggins