{"id":3837,"date":"2014-08-21T10:00:36","date_gmt":"2014-08-21T14:00:36","guid":{"rendered":"http:\/\/me-en.kaspersky.com\/blog\/?p=3837"},"modified":"2020-02-26T18:58:57","modified_gmt":"2020-02-26T14:58:57","slug":"how-i-hacked-my-home","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/how-i-hacked-my-home\/3837\/","title":{"rendered":"How I hacked my home"},"content":{"rendered":"<p>The security of smart devices is a hot topic. We can find articles about how hackers and researchers find vulnerabilities in, for example cars, refrigerators, hotels or home alarm systems. All of these things go under the term IoT (Internet of Things), and it\u2019s one of the most \u201chyped\u201d topics in the industry. The only problem with this kind of research is that we cannot really relate to it all. I started to think about this topic, and figured that if we can\u2019t secure ourselves against current threats, what good will it do to identify potential new future threats? A typical modern home can have around five devices connected to the local network which aren\u2019t computers, tablets or cellphones. I\u2019m talking about devices such as a smart TV, printer, game console, network storage device and some kind of media player\/satellite receiver.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2014\/08\/05111606\/ClevHouse-1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5757\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2014\/08\/05111606\/ClevHouse-1.png\" alt=\"ClevHouse\" width=\"640\" height=\"480\"><\/a><\/p>\n<blockquote class=\"twitter-pullquote\"><p>A typical modern home can have around 5 connected devices, which aren\u2019t computers or cellphones. 
Most of them are susceptible to hack.<\/p><\/blockquote>\n<p>I decided to start a research project, trying to identify how easy it would be to hack my own home. Are the devices connected to my network vulnerable? What could an attacker actually do if these devices were compromised? Is my home \u2018hackable\u2019? Before I started my research, I was pretty sure that my home was pretty secure; I mean, I\u2019ve been working in the security industry for over 15 years, and I\u2019m quite paranoid when it comes to applying security patches, etc. I reckoned there must be other homes that are much more hackable than mine, because I don\u2019t really have a lot of \u2018hi-tech\u2019 things at home.<\/p>\n<p>During my research I didn\u2019t focus on computers, tablets or cellphones, but rather on all the other devices I have connected to my network at home. To my surprise it turns out that I actually have quite a lot of different things connected to my network. Most of them were home entertainment devices: smart TV, satellite receiver, DVD\/Blu-ray player, network storage devices and gaming consoles. I\u2019m also at the moment relocating to a new house, and I\u2019ve been talking with my local security company. 
They\u2019re suggesting I get the latest alarm system, which connects to the network and can be controlled with my mobile device\u2026 After this research, I\u2019m not so sure it\u2019s a good idea.<\/p>\n<p>Some of the devices on my network were for example:<\/p>\n<ul>\n<li>Network-attached storage (NAS) from famous vendor #1<\/li>\n<li>NAS from famous vendor #2<\/li>\n<li>Smart TV<\/li>\n<li>Satellite receiver<\/li>\n<li>Router from my ISP<\/li>\n<li>Printer<\/li>\n<\/ul>\n<p>To consider a \u201chack\u201d successful, one of the following should be achieved:<\/p>\n<ul>\n<li>To obtain access to the device; for example, to get access to files on the network storage devices;<\/li>\n<li>To obtain administrative access to the device;<\/li>\n<li>To be able to transform\/modify the device for my personal interest (backdoor, etc.).<\/li>\n<\/ul>\n<p>Before conducting the research I had all devices updated with the latest firmware version. During this process I also noticed that not all devices had automated update systems, which made the entire process quite tedious. Another interesting observation was that most of the products were discontinued more than a year back or simply didn\u2019t even have any updates available.<\/p>\n<h1>The hack<\/h1>\n<p>After researching the network storage devices I found over 14 vulnerabilities that would allow an attacker to remotely be able to execute system commands with the highest administrative privileges. The two devices did not just have a vulnerable web interface, but the local security on the devices was also very poor. The devices had very weak passwords, a lot of configuration files had incorrect permissions, and they also contained passwords in clear text. 
More details on the device hacks are available in the <a href=\"https:\/\/securelist.com\/analysis\/publications\/66207\/iot-how-i-hacked-my-home\/\" target=\"_blank\" rel=\"noopener\">longer Securelist version of this post<\/a>.<\/p>\n<p>During the research project, I stumbled upon some other devices that had \u2018hidden\u2019 features; one of those devices was my DSL router, which was provided by my ISP. I found that there were tons of functions I didn\u2019t have access to. I just assume that my ISP or the vendor have FULL CONTROL over the device, and can do anything they want with it and access all these functions I don\u2019t have permission to use. By just looking at the \u2018hidden\u2019 function names it seems that the ISP can for example create tunnels so as to connect to any device on the network. Just imagine if these functions fell into the hands of the wrong people? I understand that these functions are most likely supposed to be helping the ISP perform support functions, but when you log in using the administrative account you don\u2019t have full control over what you consider is your own device, and thus it becomes quite scary. Especially when some of the functions have equally scary names like \u2018Web Cameras\u2019, \u2018Telephony Expert Configure\u2019, \u2018Access Control\u2019, \u2018WAN-Sensing\u2019 and \u2018Update\u2019.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2014\/08\/05102643\/Untitled6.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5759\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2014\/08\/05102643\/Untitled6.png\" alt=\"Untitled6\" width=\"361\" height=\"277\"><\/a><\/p>\n<p style=\"text-align: left\">I\u2019m currently still researching these things to see what the functions really do. 
If I find anything interesting I\u2019m pretty sure there\u2019ll be another blog post.<\/p>\n<p>To hack my Smart TV and media playing devices, I had to get creative. I had to play with the idea that I\u2019m the attacker, and I\u2019ve already compromised the two network storage devices, and so what can I do next? The media players are most likely reading information from the storage devices (which I\u2019d already compromised). At this point I was researching potential code execution vulnerabilities with the smart TV and DVD player, but due to the high price I paid for the devices I wasn\u2019t able to investigate this further. It wasn\u2019t only a question of the wasted money if I were to break my brand new LED smart TV, but also I had no idea of how I would explain my wrecking the telly to the kids; how were they going to watch Scooby Doo? However, I did identify one curious security issue with the Smart TV. When the user accesses the main setup menu on the TV, all the thumbnails and widgets get downloaded from the vendor\u2019s servers if the device has network access. The TV didn\u2019t use any kind of authentication or encryption when it was downloading the content, which means that an attacker could perform a <a href=\"https:\/\/www.kaspersky.com\/blog\/man-in-the-middle-attack\/\" target=\"_blank\" rel=\"noopener nofollow\">man-in-the-middle<\/a> attack on the TV and modify the images in the administrative interface; the attacker could also have the TV load any JavaScript file, which isn\u2019t a good thing. A potential attack vector is to use JavaScript to read local files from the device, and use the content of the files to find even more vulnerabilities. But this is something I\u2019m working on with the vendor to see if it\u2019s possible or not. As a proof of concept for my attack, I changed the thumbnail of a widget to a picture of everyone\u2019s favorite, Borat. 
Yakshemash!<\/p>\n<h1><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2014\/08\/05102643\/Untitled5.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-5758 size-full\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2014\/08\/05102643\/Untitled5.png\" alt=\"Untitled5\" width=\"263\" height=\"175\"><\/a><\/h1>\n<h1>The conclusion<\/h1>\n<p>This post doesn\u2019t name specific TV, NAS or DSL router vendors on purpose. The goal of my research is not to brag about all the undiscovered vulnerabilities I found, or that there are big security problems in the home entertainment product line. There will always be vulnerabilities, and we need to understand that; however, by understanding I don\u2019t mean accepting. We need to actually do something about it; we need to know what the impact is and assume that our devices can be, or are already, compromised. We need to start assuming that products are vulnerable and that attackers can and will gain access to them.<\/p>\n<p>I would like to conclude this research by saying that we as individuals and also companies need to understand the risks with network devices. We also need to understand that our information is not secure just because we have a strong password or are running some protection against malicious code. We also need to understand that there are so many things that we do not have control over, and that we are largely in the hands of the software and hardware vendors. It took me less than 20 minutes to find and verify extremely serious vulnerabilities in a device considered to be secure \u2013 a device we trust and on which we store all the information we don\u2019t want stolen.<\/p>\n<p>We need to come up with alternative solutions that can help individuals and companies improve their security. 
This is not a problem you can simply fix by installing a product or security patch; therefore, I would like to end this post by saying that even though the home entertainment industry might not be focused on security, we at KL are, and with just a few simple tips I think we can raise the security level a little bit higher. Hopefully some of the vendors will read this research and improve their software security; but until then, here are some simple tips from my side:<\/p>\n<ul>\n<li>Make sure all your devices are up to date with all the latest security and firmware updates. This is a problem for a lot of home, business and entertainment devices, but it is still the best thing you can do to avoid being at the mercy of known vulnerabilities. It also gives you an indication of whether the devices have any updates at all to install, or if it\u2019s considered to be a \u2018dead\u2019 product.<\/li>\n<li>Make sure that the default username and password are changed; this is the first thing an attacker will try when attempting to compromise your device. Remember that even if it\u2019s a \u2018stupid\u2019 product such as a satellite receiver or a network hard drive, the administrative interfaces often have serious vulnerabilities.<\/li>\n<li>Use encryption, even on the files you store in your network storage device. If you do not have access to an encryption tool, you can simply put your files in a password-protected ZIP file; it\u2019s still better than not doing anything at all.<\/li>\n<li>Most home routers and switches can be set up with several different DMZs\/VLANs. 
This means that you can set up your own \u2018private\u2019 network for your network devices, which will restrict network access to and from these devices.<\/li>\n<li>Use common sense and understand that everything can be hacked, even your hardware devices.<\/li>\n<\/ul>\n<p>If you\u2019re really paranoid you can always monitor the outbound network traffic from these devices to see if there\u2019s anything strange going on, but this does require some technical knowledge. Another good tip is to restrict network devices from accessing sites they\u2019re not supposed to access, and only allow them to pull updates and nothing else.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The story of a researcher who wanted to see how vulnerable he actually was.<\/p>\n","protected":false},"author":336,"featured_media":3838,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[575,78,628,765,576,97,610],"class_list":{"0":"post-3837","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-great","9":"tag-hackers","10":"tag-internet-of-things","11":"tag-iot","12":"tag-jacoby","13":"tag-security-2","14":"tag-vulnerability"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/how-i-hacked-my-home\/3837\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/how-i-hacked-my-home\/3934\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/how-i-hacked-my-home\/4324\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/how-i-hacked-my-home\/4584\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/how-i-hacked-my-home\/5560\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/how-i-hacked-my-home\/5756\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/how-i-hacked-my-home\/4617\/"},{"hreflang":"ru-kz","url":"
https:\/\/blog.kaspersky.kz\/how-i-hacked-my-home\/5560\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/how-i-hacked-my-home\/5756\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/how-i-hacked-my-home\/5756\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/great\/","name":"GReAT"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/3837","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/336"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=3837"}],"version-history":[{"count":2,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/3837\/revisions"}],"predecessor-version":[{"id":15897,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/3837\/revisions\/15897"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/3838"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=3837"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=3837"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=3837"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}