{"id":9913,"date":"2017-11-28T09:00:48","date_gmt":"2017-11-28T05:00:48","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/?p=9913"},"modified":"2019-11-15T15:23:36","modified_gmt":"2019-11-15T11:23:36","slug":"internet-of-vulnerabilities","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/internet-of-vulnerabilities\/9913\/","title":{"rendered":"The vulnerable Internet of Things"},"content":{"rendered":"

Numerous smart watches, coffee makers, vacuum cleaners, and even cars are now part of what is called the Internet of Things (IoT), a catch-all term for the connected devices we\u2019re growing to love and rely on. At least in theory, the IoT should make our lives simpler and more convenient; hence its rising popularity.<\/p>\n

However, there\u2019s a flip side: security. Unfortunately, manufacturers are not overly concerned with the security of Internet-connected devices, so almost any \u201csmart\u201d device is vulnerable and thus potentially dangerous. Kaspersky Lab investigated what threats are lurking in the IoT.<\/p>\n

Is the IoT dangerous?<\/h2>\n

IoT devices often have weak security that is very easy to bypass. Criminals are only too happy to take advantage: The number of malicious programs attacking the IoT has more than doubled<\/a> this year. Worldwide, smart devices now number 6 billion, and many of them are vulnerable, making them a juicy prospect for intruders.<\/p>\n

Hacked IoT devices can be used for DDoS attacks<\/a>, channeling the combined power of lots of, say, Wi-Fi routers to flood and cripple a server. That was exactly what the infamous Mirai<\/a> botnet<\/a> did, for example, when it took down dozens of the world\u2019s largest Web services nearly a year ago.<\/p>\n

It\u2019s not only botnets that make use of Internet-connected smart devices. For example, having hacked into a smart webcam, an attacker can start spying on its owner<\/a>. Nothing is sacred in the IoT, and even children\u2019s toys are not immune. Cybercriminals can exploit<\/a> an unprotected Bluetooth connection to speak to a child in the guise of his or her favorite Furby or teddy bear, or spy on your youngster with the help of a doll<\/a>.<\/p>\n

Last but not least, some criminals simply break IoT devices, putting them out of operation. That was the modus operandi of the BrickerBot worm<\/a>. Attacked gadgets simply turned into dumb plastic and metal.<\/p>\n

Know your enemy<\/h3>\n

Kaspersky Lab decided to perform a vulnerability check of eight smart things: a smart charger, an app-controlled and webcam-equipped toy car, a receiver\u2013transmitter for smart-home systems, a smart scale, a vacuum cleaner, an iron (yes, a smart iron!), a camera, and a watch.<\/p>\n

The results were not encouraging. Of the eight devices only one proved to be secure enough, while the remaining gizmos did not boast reliable protection. Many of them used weak default passwords, which in some cases couldn\u2019t even be changed, and others left confidential information open to interception.<\/p>\n

Among the other smart things our experts examined was a popular \u201cspy\u201d toy \u2014 a phone-app-controlled car with a built-in camera. Connecting to the phone didn\u2019t even require a password, so the car could be controlled by absolutely anyone. This spy-on-wheels can record sound and video, allowing criminals to amass blackmail material and more on the gadget\u2019s owner.<\/p>\n

How to live in the IoT world<\/h3>\n

Here\u2019s what we advise to stay secure when using smart devices:<\/p>\n

Weigh the pros and cons before buying. Look for information about previous attacks on the gadget you\u2019re interested in. Perhaps some hacking stories have already surfaced on the Internet.<\/p>\n

Always change the default password to something more complex. If the device doesn\u2019t let you change the password, reconsider whether you really need it.<\/p>\n

If you still want to buy the device, think about ways to lessen the risks of attack. Kaspersky Lab has released a beta version of Kaspersky IoT Scanner<\/a>, a free security solution for smart gadgets. Kaspersky IoT Scanner checks your home Wi-Fi network, determines which devices are connected to it, and tells you whether they are securely protected.<\/p>\n","protected":false},"excerpt":{"rendered":"

A new study by Kaspersky Lab showed how insecure smart devices really are. We explain how to cope.<\/p>\n","protected":false},"author":40,"featured_media":9912,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[7,1486],"tags":[628,765,499,97,630],"class_list":{"0":"post-9913","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-products","8":"category-threats","9":"tag-internet-of-things","10":"tag-iot","11":"tag-products-2","12":"tag-security-2","13":"tag-smart-home"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/internet-of-vulnerabilities\/9913\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/internet-of-vulnerabilities\/11909\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/internet-of-vulnerabilities\/14151\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/internet-of-vulnerabilities\/12343\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/internet-of-vulnerabilities\/12147\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/internet-of-vulnerabilities\/14897\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/internet-of-vulnerabilities\/14761\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/internet-of-vulnerabilities\/19265\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/internet-of-vulnerabilities\/4503\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/internet-of-vulnerabilities\/20303\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/internet-of-vulnerabilities\/9826\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/internet-of-vulnerabilities\/8581\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/internet-of-vulnerabilities\/15385\/"},{"hreflang":"zh","url":"https:\/\/www.kaspersky.com.cn\/blog\/internet-of-vulnerabilities\/8957\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/internet-of-vulnerabilities\/18858\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/internet-of-vulnerabilities\/19135\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/internet-of-vulnerabilities\/19127\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/internet-of-things\/","name":"Internet of things"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/9913","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/40"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=9913"}],"version-history":[{"count":2,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/9913\/revisions"}],"predecessor-version":[{"id":14780,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/9913\/revisions\/14780"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/9912"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=9913"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=9913"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=9913"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}