How many homes have had Internet of Things today? Well, in Southeast Asia as I live there’s not much. But in fast growing countries, Internet of Things at Home is certainly a common thing. People use it to lock the doors, to maintain temperatures, to turn on/off the security alarm, or even help them make a coffee.
There are also more about Internet of Things at Home if you really pay attention. But the talk about Internet of Things and its flaws is real and some people are concern about it.
Alexandra Gheorghe, a Security Specialist at Mac World explained on How Internet of Things could get hacked.
Alexandra thinks that even an intelligent switch can turn plugged-in electronic devices on or off remotely, it can also be misused to break into your home network, to capture unsecured data, plant malicious programs and steal account credentials to any of your accounts, if they are not properly protected.
Internet of Things vendors have been developing their security to enhance customers experience. Unsecured Internet of Things devices can lead to leaked data or even criminals. To me, it is not funny if I have super cool house with Internet of Things but it got hacked and intruder went in. Big nope!
Alexandra also explains some vulnerabilities that can be exploited to infiltrate them and the whole network of the connected home such as:
1. During configuration, data – including the device ID and MAC address – is sometimes transmitted in plain text.
2. The communication between the device and the app passes unencrypted through the manufacturer’s servers.
3. The hotspot is poorly secured with a weak username and password and sometimes remains active after configuration.
4. The device comes pre-installed with a Telnet client carrying default credentials.
With some hacking skills and tools, an intruder can perform a basic brute-force attack to crack default access point credentials.
Or by using a secondary device, such as a router that generates its own hotspot, someone can mimic the original hotspot and intercept the data sent in clear by the mobile app. It’s a time-sensitive operation, but researchers have demonstrated it can be done.
On the other hand, if the device comes embedded with a poorly secured Telnet service, an attacker can break in to send malicious commands that stop, start or schedule the device.
Losing control over one product is bad enough, but it’s not the worst thing that can happen – your private information is at stake.
If attackers get hold of your Wi-Fi network, they can see what other devices are connected to your network and may try to control them, too. They can also find a way to install spyware or key loggers on your computers to grab the credentials of your online accounts… and then, havoc is bound to happen.