Video surveillance systems and wearable and smart technology are all linked to the Internet, and comprise what’s called the Internet of Things (IoT). This online network allows machines, devices, and appliances to communicate with one another (i.e., controlling your room temperature with your smartphone). These types of technology are becoming increasingly popular; by 2020, the IoT sector is expected to exceed $300 billion, generating from over 26 billion devices online.
Under the IoT umbrella, common household items are equipped with their own software and computer chip, and require Internet connection to execute certain functions and features. However, these devices have exposed a myriad of security loopholes. The link to the Internet that makes device-to-device communication so simple also offers new points of access for attackers.
While it may seem arbitrary, your appliances offer plenty of information about who you are in your home and online. Hackers can manipulate and exploit the data exchanged with your devices, making you vulnerable to theft, invasion, and loss of privacy. Smart, connected items like your car, fridge, and printer are just a few things that have potential for exploitation.
These days, smart cars are becoming smarter and people are seeking more efficient vehicles with enhanced capabilities. Over the next decade, cars will likely be able to talk to other cars and interact with roadside devices, and traffic lights.
This vehicle-to-infrastructure and vehicle-to-vehicle technology promises to change the way we interact with cars on the road, but it’s not the only technology that will completely revolutionize our roads of tomorrow. Self-driving cars are becoming increasingly popular as well. Ridesharing companies like Lyft and Uber have already expressed their interest in autonomous driving. Uber began testing its fleet of self-driving cars in Pittsburg and recently started testing in Arizona. Ford plans to launch its own line fully autonomous cars in 2021, and Waymo, Google’s self-driving car project, is already in four cities.
With so many technological developments in the works, there’s opportunity for setbacks. Modern car features like keyless entry, 4G LTE hotspots, cameras, automatic brakes, advanced sensors and OBD-II devices, all contribute to the vehicular landscape but also expose vulnerabilities. Mercury Insurance published a tool to see if your car is at risk and help vehicle owners stay aware of what vulnerabilities exist within their specific automobile.
Breaking into cars is one thing, but hacking into a car is entirely another. And while less physically invasive, it can be much more damaging. Breaking into a keyless car isn’t hard for hackers at all. For years, a simple $20 amplifier has succeeded in breaking into keyless entry vehicles via a signal from the car to the key. This is exactly what happened to David Beckham in 2006, when his BMW X5 was stolen with a laptop and simple rig.
Similarly, one Wired magazine writer investigating vehicle security acted as a test dummy in a Jeep Cherokee that was remotely hacked and controlled from a laptop ten miles away. Smart car invasions have become more commonplace on the path to a more connected way of living, and brands are still falling behind in their efforts to keep up on the security end of IoT.
In conjunction with the Department of Transportation and the National Highway Traffic and Safety Administration, the FBI officially announced this year that over-the-Internet car hacking was a serious threat. The public service announcement stated several ways to help minimize vehicle cybersecurity risk, including vehicle software maintenance.
When you think of hacking, your fridge is probably one of the last things that come to mind. Surprisingly, though, hackers are targeting basic household items to extract personal information from unsuspecting victims. Earlier this year, Proofpoint security researchers discovered the first big IoT cyber attacks, which involved many television sets and at least one fridge.
This home appliance botnet (a network of private computers that contain malicious software controlled by hackers) invaded over 100,000 everyday objects, which were used to send more than 750,000 malicious emails to businesses and individuals around the world.
What’s worse is the fridge hack seems to be gaining momentum. Last year, a team of hackers from web security company Pen Test Partners were able to compromise a Samsung smart fridge and discovered a vulnerability that allowed them to steal Gmail username logins and other credentials. One feature of this smart fridge was its ability to integrate and display a user’s Gmail calendar. Because the Samsung fridge didn’t validate SSL certificates, hackers could access the network and monitor and manipulate the activity for the associated Gmail account.
An article published by Popular Mechanics demonstrated a few ways to protect smart devices from hackers. Methods included changing the administrative settings (creating a complex password) and installing a firewall to the point of connection to the router.
Like the smart fridge and car, printers are equally susceptible to online attacks due to their many connected functionalities. This was very clear when, in March 2016, hacker Andrew Auernheimer sent thousands of print jobs featuring Nazi propaganda to different printer locations across the United States. Most of the printouts appeared on college campuses, and Auernheimer admitted that a large part of the reason he did so was to demonstrate the gaping security holes in IoT.
“After a little investigation, it seemed that to print to a printer with port 9100 exposed, all you have to do is netcat a postscript file to that port,” he stated in Storify.
With millions of connected printers, the possibilities for intrusion are practically limitless — even for non-techies. These printers allow for easy manipulation because they are hooked up to the Internet through unsecure, open connections. MacKeeper’s security expert Chris Vickery also conducted research on printer security loopholes and brought up several disturbing findings, including the hacker’s ability to utilize open-source tools to access files uploaded via the 9100 port on a web server.
“This opens up a world of possibilities,” Vickery wrote in a blog post. “A hacker can host malicious web pages and scripts on your printer and link it to potential victims.”
Even more is that many enterprises would have a very difficult time identifying an attack because they don’t have proper logging systems in place. And according to Vickery, there are over 21,000 vulnerable HP printers — though other brands with smart printers are also exposed to risks. While HP understands these associated risks and continues to roll out newer models to help mitigate them, it’s important for users to comprehend that any connected device could pose an issue, and individual and company-wide safety steps should be taken.
This post is part of our contributor series. It is written and published independently of TNW.