Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Smart Devices. Show all posts

Here's How to Safeguard Your Smart Home Connected Devices

 

In a time where digital devices influence our daily lives, it is normal for households to have multiple smart home devices. Statistics show that each person owns at least three devices, with North Americans owning an average of nine. It is critical to understand that having a large number of devices and users on a single network could present serious issues. If a single device becomes infected, the entire network can be compromised. Certain measures must be taken to limit the implications and reduce the likelihood of cyberattacks. 

Here are three essential cybersecurity tips for securing smart home devices and safeguarding your network. 

Update software: It's critical for security that you keep the firmware and software on your smart devices updated. Updates are released by manufacturers to address vulnerabilities, fix issues, and occasionally add new features. If you don't update your devices, hackers may be able to take advantage of known vulnerabilities on them. 

Automatic update features are available on many devices; if they are, you should activate them. Without the need for human interaction, automatic updates make sure that your devices get the most recent security fixes as soon as they are made available. Updates can also improve your devices' general operation and performance, making them more dependable, efficient, and safe. 

Change default password: Devices from manufacturers typically come with default credentials that are public knowledge and easy to get hold of. Because these default passwords—like "admin" or "password123"—are often weak and predictable, brute-force assaults target them frequently. Thus, the first step is to make sure you secure the security of your smart gadgets and change them. 

A password manager may be useful for generating and storing complex passwords, making sure that each device has a unique password. Furthermore, ensure that you periodically update your passwords and avoid reusing old ones. 

Monitor devices: Regular monitoring of your connected smart devices is critical for detecting any strange or unauthorised behaviour early. Use network monitoring software to keep track of any devices that are linked to your home network. Applications such as Fing or built-in router tools can give you insight into your network. 

Make sure you set up alerts for new device connections and suspicious activity. Many modern routers include this feature, which notifies you of any new devices joining your network. This allows you to quickly discover and address any unwanted connections.

Three Ways Smart Devices Can Compromise Your Privacy

 

Any gadget that has an internet connection and can be operated by a computer or smartphone is considered a smart device. Home appliances, security cameras, thermostats, doorbells, lighting systems, and other networked gadgets are examples of such devices. 

Smart devices are becoming more prevalent due to the comfort they provide. However, with this ease comes a higher risk to your privacy. 

When people talk about smart gadgets, they are referring to the internet of things (IoT) and its ability to connect all of your devices together. This means that all of the data generated by each device can be viewed and shared with other connected devices, potentially exposing sensitive information about you and your home life. Here are three ways that smart devices might jeopardise your privacy. 

Location tracking 

Many smart devices track and save users' whereabouts, allowing detailed profiles of their behaviours to be created. Without the user's knowledge or consent, this data can then be sold to third parties. 

With smart devices like fitness trackers and smartphones, this has become a serious issue. If you're not careful, your smartphone may be sharing more information than you realise. You may believe that you have control over the data it collects, but this is not always the case. 

Insecure Wi-Fi 

Wi-Fi is used by many smart gadgets to connect to the internet. This means that if adequate safety measures are not in place, it may be vulnerable to hackers. Hackers can gain access to your device, look into sensitive data like passwords, and even take control of it. 

Hackers have been known to hijack smart devices via Wi-Fi connections and use them to launch cyber-attacks. This is especially important if you travel with smart gadgets such as phones or laptops, as they may connect to unsecured Wi-Fi networks. 

Webcam vulnerabilities 

Smart devices frequently include built-in cameras and microphones that can be hacked to gain access to the user's audio and video records. This has been a major problem in recent years, with cases of "webcam hacking" growing steadily. 

People are increasingly installing cameras in their doorbells, baby monitors, and even televisions. All of these can be hacked into if the user does not take proper safety measures. For example, in some cases, hackers have taken over security cameras and utilised them to spy on unsuspecting individuals in their homes. This is an extreme example of a privacy infringement that can be avoided with adequate safety measures. 

Bottom line 

Smart devices can be a wonderful addition to the home, but you must be aware of the risks that they involve. They can violate your privacy in a variety of ways, including  targeted attacks, location tracking, real-time recording, and so on. 

Furthermore, flaws in your connectivity solution can expose your devices, data, and family or customers to cyber-attacks. Understanding the threats and implementing the required security measures will help you secure your privacy. Early intrusion detection is the most successful method of preventing cyber-attacks, and this is still true in the Internet of Things era.

Unveiling the Unseen Cybersecurity Threats Posed by Smart Devices

 

The number of smart devices worldwide has surpassed the global population, with a continuous upward trend, particularly amidst remote and hybrid work settings. Ranjit Atwal, Gartner's senior research director, attributes this surge to the increase in remote work. As work mobility grows, the demand for connected devices like 4G/5G laptops rises, crucial for employees to work from anywhere.

Smart devices encompass gadgets connecting to the internet, like smart bulbs, speakers (e.g., Amazon's Alexa), and wearables such as the Apple Watch. They collect data, enhancing user experience but also pose security risks exploited by cybercriminals. Surprisingly, consumers often overlook security when purchasing smart devices, as shown by Blackberry's research.

In response, the European Union proposed the "Cyber Resilience Act" to enforce cybersecurity standards for all connected devices. Failure to comply may result in hefty fines. Margrethe Vestager from the European Commission emphasizes the need for market products to meet robust cybersecurity measures, likening it to trusting CE-marked toys or fridges.

Security vulnerabilities in smart devices pose threats, as seen in TP-Link's smart lightbulb. Exploiting these vulnerabilities could grant hackers access to networks, risking data and enabling potential malware deployment. Even smart homes face numerous entry points for hackers, as illustrated by investigations conducted by Which?, showcasing thousands of hacking attempts in a week.

Mirai botnet targets smart devices, using brute-force attacks to gain access via weak passwords. In a concerning case, a Google Home speaker was turned into a wiretap due to vulnerabilities, highlighting the potential risks associated with unsecured devices.

Securing home networks becomes paramount. Strategies include:

1. Purposeful Device Selection: Opt for devices that suit your needs, avoiding unnecessary interconnected gadgets.
2. Router Security: Update router settings, change default passwords, and enable automatic firmware updates.
3. Password Management:Use password managers to create strong and unique passwords for each account.
4. Multi-Factor Authentication (MFA): Employ MFA to add layers of verification during logins.
5. Wi-Fi Network Segmentation: Create separate networks for different devices to isolate potential threats.
6. Virtual Private Networks (VPNs):Invest in VPNs to encrypt online activities and protect against cyber threats on unsecured networks.

Implementing these measures strengthens overall cybersecurity, safeguarding personal data and devices from potential breaches and threats.

Nexx Garage Door Cyber Vulnerabilities: Risks in Smart Home Security

Smart home devices have become increasingly popular in recent years, promising convenience, efficiency, and security. However, recent cyber security vulnerabilities in the Nexx Garage Door Opener have highlighted the risks of relying too heavily on technology without considering the potential consequences.

The Nexx Garage Door Opener is a smart home device that allows homeowners to open and close their garage doors remotely using their smartphones. However, security researchers have discovered that the device is vulnerable to hacking, allowing unauthorized access to the garage and potentially the entire home network.

According to a report by Bleeping Computer, hackers can easily exploit the vulnerabilities in the device's software and gain access to the device's firmware, allowing them to take control of the device remotely. There is currently no fix for this vulnerability, leaving homeowners vulnerable to potential cyber-attacks.

This is not the first time the Nexx Garage Door Opener has been found to be vulnerable to cyber-attacks. In 2019, security researchers discovered that the device was susceptible to a brute force attack, allowing hackers to access the garage door opener by guessing the password. The manufacturer released a patch to fix the vulnerability, but the recent discovery of the new vulnerability suggests that more work needs to be done to improve the security of smart home devices.

The vulnerability in the Nexx Garage Door Opener is just one example of the risks associated with smart home devices. As more and more devices are connected to the internet, the risk of cyber-attacks increases. The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory warning about the vulnerability and urged users to take immediate action to secure their devices.

In light of these vulnerabilities, it is crucial for homeowners to take a proactive approach to smart home security. This includes choosing devices from reputable manufacturers, keeping software and firmware up to date, and regularly changing passwords. Additionally, it is essential to monitor devices for any suspicious activity and be aware of the potential risks associated with using smart home devices.

In conclusion, the Nexx Garage Door Opener cyber vulnerabilities are a stark reminder of the importance of cyber security in smart homes. While the convenience and efficiency of smart home devices are appealing, it is essential to take precautions to protect against potential cyber-attacks. Homeowners must be proactive in their approach to smart home security, and manufacturers must take responsibility for improving the security of their devices.

ESET: Criminals will be Able to Steal Personal Data Using Smartwatches

 

ESET analysts reported that cybercriminals can use smartwatches to steal personal data and warned Russians about the main dangers associated with this gadget. 

"According to our estimates, the market for smartwatches and fitness trackers will grow by 12.5 percent annually and will exceed $118 billion by 2028. Such indicators cannot but attract scammers. Therefore, it is worth understanding in advance the security and privacy risks associated with this," the ESET study says. 

The threat of data interception is due to the fact that many smartwatches and fitness trackers are synchronized with the owners' smartphones, including some applications such as e-mail or messengers. Thus, attackers can hijack both devices, which threatens, in particular, the loss of passwords. ESET further warns that the stolen personal data can then be sold on the darknet. 

Another serious risk for a cybercriminal's victim is tracking the GeoPosition of the device. Such data allows hackers to draw up a detailed diagram of the user's movements in order to attack his home or car. "The safety of children's smartwatches, which can be monitored by outsiders, is even more worrying," ESET states. Speaking about the specific vulnerabilities of smart fitness trackers, cyber specialists pay attention to Bluetooth technology, in which "numerous vulnerabilities have been discovered over the years," weak software of gadgets and paired smartphone applications that may contain coding errors. 

According to ESET analysts, risks can be reduced via the use of two-factor authentication, the use of a strong password to lock the screen, as well as a ban on external connections to smartwatches will also prevent threat. 


Data can be leaked both via the Internet and via Bluetooth a critical Bluetooth vulnerabilities allow executing arbitrary malicious code on the device and gaining full control over the device's system, as well as carrying out a man-in-the-middle attack (MiTM), which leads to the unauthorized interception of user data.

Russian Law Requires Smart Devices To Come Pre-Installed With Domestic Software

Russia is taking security measures against technology that can hurt big tech companies in the region. In light of new laws, every smart device such as TVs, computers, smartphones, and tablets that will be purchased in Russia from now it is mandatory for it to come with pre-installed Russian-domestic software in the device. The new law is deciphered as an attempt by the government to shut down online freedom but the government officials are stating that this initiative has been introduced to promote home tech firms and to help Russian home tech companies to compete with foreign counterparts. 

The two Russian tech giants such as Yandex and Mail.ru. will be providing the pre-installed software in smart devices. 

“The law applies from Thursday to all devices and the Company said that it would offer apps from Russian developers to users activating phones but that all apps were checked to make sure they meet Apple's own privacy and security policies", Reuters said. 

In other words, it means that clients will be able to choose Russian-domestic software and apps over multinational companies’ software when setting up their smart devices. Additionally, on Twitter an iOS developer – Tian Zhang has shared a video of the new setup process on Thursday. 

Now a screen in the setup reads, "In compliance with Russian legal requirements, continue to view available apps to download." Tapping "continue" redirect the user to a list of Russian-domestic software and apps, including several from the search giant Yandex. 

Intelligence is saying that Russia is trying to compete with the US tech giants in the country and simultaneously trying to strengthen its reliance on its government-controlled "sovereign internet." 

It is about the last month when the Russian government slowed down Twitter in the response to Twitter's refusal to remove the banned content from the platform, but that ended up blocking several domains, including the Kremlin's website.

CSIRO's Data61 Developed Voice Liveness Detection 'Void' to Safeguard Users Against Voice Spoofing Attacks


Spoofing attacks that impersonate user's devices to steal data, spread malware, or bypass access controls are becoming increasingly popular as the threat actors expand their horizon with the improvisation of various types of spoofing attacks. Especially, voice spoofing attacks that have been on a rise as more and more voice technologies are being equipped to send messages, navigate through smart home devices, shop online, or to make use of net banking.

In a joint effort for the aforementioned concern, Samsung Research and South Korea's Sungkyunwan University and Commonwealth Scientific and Industrial Research Organisation's (CSIRO) Data61, came up with 'the voice liveness detection' (Void) to keep users safe against voice spoofing attacks.

In order to detect the liveness of a voice, Void gains insights from a visual representation of the spectrum of frequencies known as 'spectrograms' – it makes the functionality of void a little less complex compared to other voice spoofing methods that rely on deep learning models, as per Data61.

How Void helps in detecting hackers spoofing a system? 

The void can be inserted in consumers' voice assistance software or smartphones in order to spot the difference between 'a voice replayed using a speaker' and 'a live human voice', by doing so it can easily identify when a cybercriminal attempts to spoof a user's system.

While giving further related insights, Muhammad Ejaz Ahmed, a cybersecurity research scientist at Data61, told, “Although voice spoofing is known as one of the easiest attacks to perform as it simply involves a recording of the victim’s voice, it is incredibly difficult to detect because the recorded voice has similar characteristics to the victim’s live voice,” he said.

“Void is a game-changing technology that allows for more efficient and accurate detection helping to prevent people’s voice commands from being misused.”

'Paranoid' Blocks your Smart Speakers from Spying on you


Smart speakers have proven to be one of the most versatile gadgets of the era, the high-tech AI companions can do everything from playing music to ordering a meal with just the sound of your voice. They come with virtual assistants ready to answer all your queries, other features include reminding you of appointments, telling about the weather and news along with helping you to control your smart home devices.

Amazon's Echo and Google's Nest are two of the widely employed smart speakers. However, these devices also raise security concerns in regard to the voice captured by the speakers but in order to avail services of a voice assistant that as a matter of fact operates on voice commands, you can't block it from listening to your voice.

To make the experience easier and safer, a new device known as 'Paranoid' is made to enter the tech space, it is designed to block your Amazon Echo or Google Home smart speaker from listening to your voice until you say the word, "Paranoid" which is the device's wake word. After saying the word, the gizmo allows your smart speaker to listen.

Another thing to take notice of is the simplicity in the operations of Paranoid, it's extremely easy to use, it simply needs to be connected to the smart speaker in order to block it from spying upon you –meanwhile,  it still allows the speaker to be voice-activated. In order to activate it, all you have to do is to say "Paranoid" every time before you say "Okay, Google!" or "Alexa!"

The device comes in three different variants, The Home Button, Home Wave, and Home Max. It has no antenna, no SIM card slot, no Bluetooth, no Wi-Fi and no kind of wireless capability. As per its website, the makers claim that their device is "hack-proof".

The Home Button is the simplest model, it is placed on Amazon Echo's mute button and presses it manually. The second one, the Home Wave is designed to jam the microphones on your smart speakers and the most sophisticated one, the Home Max requires you to send your Amazon Echo or Google Home Devices to Paranoid headquarters stationed at Edmonton, Alberta. There, experts will attach your speaker's microphone cable to an external Paranoid device by cutting off the original cable. After the completion of the process, your smart speakers will be sent back to your address.

All the three models of Paranoid can be purchased from its official website; the original charges of the device and services are $49, however, as of now it will cost only $39.

Computers can be hacked through a "smart" light bulb


Smart light bulbs can not only make the lighting in an apartment and house more convenient and cheaper but also threaten the safety of their owners.

Experts have proven that hackers can hack computers through smart light bulbs. The vulnerability in the smart home system was noticed by cybersecurity company Check Point.

Experts have discovered a way to hack computers through a lamp using a Philips smart home system. At the first stage, the virus program is downloaded to the victim's smartphone and causes the lighting to fail. Experts have noticed that the only way to fix the problem is to reinstall the app, so the user deletes the program and re-downloads it to their phone.

At the stage when the owner of the lamp connects it to the smart home system, attackers take advantage of the vulnerability in the ZigBee protocol, which Philips uses. At the moment of pairing between the lamp and the smart hub, the malicious algorithm causes an overflow of the system buffer, which bypasses the antivirus and is installed on the computer's disk. After that, the device goes under the remote control of hackers.

Check Point experts said that the study has already attracted the attention of the manufacturer of smart lamps and eliminated the gap in the system. Experts advised owners of the Philips smart home system to update their software.

Experts have found vulnerabilities in Philips smart bulbs (at the moment, the problem with these devices has already been solved), but it is possible that similar vulnerabilities are found in many other smart home devices.

Earlier EHackingNews reported that in the fall of 2019, an IT specialist from Russia and blogger Anna Prosvetova discovered a vulnerability in Xiaomi Furrytail Pet Smart Feeder. Since feeders are used when the owners leave the house for a long time, pets may starve to death. The vulnerability was discovered in the application API through which feeders are controlled.

Milwaukee Couple's Nest Smart Home Hacked, Vulgar Music was Played


Smart home products designed by Nest such as smart cameras, smart displays, smart thermostats, and smart doorbells to make our lives more comfortable and safe, may not be all that safe according to a horrifying incident reported by a Milwaukee, Wisconsin based couple, Samantha and Lamont Westmoreland.

 After a hacker hacked into the couple’s home and took control of their gadgets, Samantha said, "It's (installation of gadgets) supposed to make me feel safe, and I didn't feel safe", "My heart was racing, I felt so violated at that point."

As per a report by Fox 6 News, on September 17th, Samantha returned home in which she has Nest camera, a doorbell and a thermostat installed, and found the atmosphere unreasonably warmer, she immediately noticed that her smart thermostat has risen up to 32 degrees Celsius (90 degrees Fahrenheit).

Initially, she assumed it to be a glitch and set it back to the room temperature, but it kept on going up after every time she turned it down. A while later, the couple heard a voice talking to them from their Nest camera and afterward it played vulgar music. Samantha went ahead, unplugged the camera and turned it to face the ceiling. They changed the passwords of all the three devices but as the issues persisted, they resorted to contacting their internet service provider to have their network and Ids reset.

The couple was of the opinion that their Wi-Fi network and Nest camera was hacked, putting the actual problem into perspective, Lamont Westmoreland said, "If someone hacks into your Wi-Fi, they shouldn't be able to have access to those Nest devices without some sort of wall they have to get over,"

In a conversation with Fox 6 News, the couple revealed that the smart home accessories they had installed at their home since last year, cost them $700, and that they have never faced any problem before this; however, in the wake of this terrifying incident they had a change of mind regarding smart home devices.

Meanwhile, responding to the disturbing experience, a spokesperson of Google, told a media outlet, “Nest was not breached. These reports are based on customers using compromised passwords. In nearly all cases, two-factor verification eliminates this type of security risk,"

TP-Link's SR20 Smart Home Router Discovered To Come With a Vulnerability As Per Google Security Researcher




TP-Link's SR20 Smart Home Router is recently discovered to come with a vulnerability allowing arbitrary command execution from a local network connection as per a Google security researcher Matthew Garrett. The router, launched in 2016, uncovered various commands that come with root privileges and do not even require validation.

The endeavor was uncovered by the researcher after he was unable to request a reaction from TP-Link, and even published a proof-of-concept to exhibit the said weakness.

Garrett took to twitter to clarify that the TP Link SR20 Smart Home Router accompanying TDDP (TP- Device Debug Protocol), which is influenced with a few vulnerabilities, and one of them is that version 1 commands are 'exposed' for attackers to exploit.

He says that these uncovered directions enable aggressors to send an order containing a filename, a semicolon, to execute the procedure.

 “This connects back to the machine that sent the command and attempts to download a file via TFTP (Trivial File Transfer Protocol) corresponding to the filename it sent. The main TDDP process waits up to four seconds for the file to appear - once it does, it loads the file into a Lua interpreter it initialized earlier, and calls the function config_test() with the name of the config file and the remote address as arguments. Since config_test () is provided by the file that was downloaded from the remote machine, this gives arbitrary code execution in the interpreter, which includes the os.execute method which just runs commands on the host. Since TDDP is running as root, you get arbitrary command execution as root,” he explains on his blog.

In spite of the fact that Garrett says he reported to TP-Link of this vulnerability in December, by means of its security disclosure form, the page disclosed to him that he would get a reaction within three days, however hasn't heard back from them till date. He additionally said that he tweeted at TP-Link with respect to the issue, yet that gathered no reaction either.