{"id":6322,"date":"2014-08-29T10:00:45","date_gmt":"2014-08-29T14:00:45","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=6322"},"modified":"2014-08-29T10:00:45","modified_gmt":"2014-08-29T14:00:45","slug":"does-the-internet-of-things-leave-you-vulnerable-to-cyber-attack","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2014\/08\/29\/does-the-internet-of-things-leave-you-vulnerable-to-cyber-attack\/","title":{"rendered":"Does the Internet of Things leave you vulnerable to cyber attack?"},"content":{"rendered":"

\"\"<\/a><\/p>\n

At the Black Hat security conference in Las Vegas earlier this month, researchers demonstrated how a Nest thermostat can be hacked, to show how easily connected appliances\u2014the household technologies that make up the Internet of Things\u2014can be compromised. When you look beyond the demo’s hyperbolic headlines, it turns out the hack requires physical access to the Nest device, but the questions remains, \u201cHow vulnearable is IoT?\u201d<\/p>\n

To find out, David Jacoby, a security researcher with Kaspersky Lab, hacked his own living room.<\/p>\n

In a blog post detailing the exercise, Jacoby describes the array of connected devices in his home. He has two different NAS (network-attached storage) units, a smart TV, satellite receiver, printer, and the router from his Internet provider. Aside from the NAS units, it’s all technology you can find in just about any house.<\/p>\n

Jacoby identified 14 vulnerabilities just in the two NAS units, one in the smart TV, and several concerning issues with his Internet router. He found remote code execution flaws and weak passwords on the NAS devices, a potential for a man-in-the-middle attack on unencrypted traffic between the smart TV and the TV vendor\u2019s servers, and hidden backdoors in the router designed to provide the Internet provider support personnel to remotely access any device on the private network.<\/p>\n

The results are concerning. It took Jacoby less than 20 minutes to find and verify extremely serious vulnerabilities that expose his home to significant risk. He explained, \u201cIndividuals and also companies need to understand the security risks around connected devices. We also need to keep in mind that our information is not secure just because we have a strong password, and that there are a lot of things that we cannot control.\u201d<\/p>\n

Unfortunately, securing IoT devices is a bigger challenge in many cases than patching and securing traditional computing devices. Many IoT technologies lack any sort of direct user interface, so you are dependent on the vendor to make it as secure as possible off the shelf and to deploy updates in a timely manner when flaws are discovered.<\/p>\n

There are a few things you can do yourself, though. Jacoby says users should keep devices that do offer firmware and security patches up to date. He also stresses that all default passwords should be changed. Finally, Jacoby recommends exploring more advanced features in some routers that will enable you to restrict access so that only designated devices on your network are allowed to connect to the network or access other resources.<\/p>\n

via Does the Internet of Things leave you vulnerable to cyber attack?<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

At the Black Hat security conference in Las Vegas earlier this month, researchers demonstrated how a Nest thermostat can be […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[7,10],"tags":[274,342],"class_list":["post-6322","post","type-post","status-publish","format-standard","hentry","category-security","category-technology","tag-devices","tag-exploits"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-1DY","jetpack-related-posts":[{"id":6118,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/08\/04\/is-your-dropcam-live-feed-being-watched-by-someone-else\/","url_meta":{"origin":6322,"position":0},"title":"Is your Dropcam live feed being watched by someone else?","author":"NCCT","date":"August 4, 2014","format":false,"excerpt":"Dropcam, the popular video monitoring camera, bills itself as \u201csuper simple security.\u201d But a pair of researchers plan to show at the Defcon hacking conference later this week how a Dropcam could be a weak point. Patrick Wardle and Colby Moore, both of whom work for security firm Synack, tore\u2026","rel":"","context":"In "Hardware"","block_context":{"text":"Hardware","link":"https:\/\/nccomputertech.com\/techtalk\/category\/hardware\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3067,"url":"https:\/\/nccomputertech.com\/techtalk\/2013\/07\/31\/some-home-automation-systems-are-rife-with-holes-security-experts-say\/","url_meta":{"origin":6322,"position":1},"title":"Some home automation systems are rife with holes, security experts say","author":"NCCT","date":"July 31, 2013","format":false,"excerpt":"A variety of network-controlled home automation devices lack basic security controls, making it possible for attackers to access their sensitive functions, often from the Internet, according to researchers from security firm Trustwave. Some of these devices are used to control door locks, surveillance cameras, alarm systems, lights, and other sensitive\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/images.techhive.com\/images\/article\/2013\/07\/veralite-copy-100048275-large.jpg?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/images.techhive.com\/images\/article\/2013\/07\/veralite-copy-100048275-large.jpg?resize=350%2C200 1x, https:\/\/i0.wp.com\/images.techhive.com\/images\/article\/2013\/07\/veralite-copy-100048275-large.jpg?resize=525%2C300 1.5x"},"classes":[]},{"id":5923,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/07\/07\/one-of-my-sites-got-hacked-and-its-my-own-fault\/","url_meta":{"origin":6322,"position":2},"title":"One of my sites got hacked, and it’s my own fault","author":"NCCT","date":"July 7, 2014","format":false,"excerpt":"It started with a text message from my wife: \"ZATZ site hijacked by nasty porn.\" This is not exactly the message you want to get at 6pm on July 3rd. I had been planning on beginning my holiday weekend with a prolonged sittin'-on-the-couch-watchin'-TV night, but that was not to be.\u2026","rel":"","context":"In "Networking"","block_context":{"text":"Networking","link":"https:\/\/nccomputertech.com\/techtalk\/category\/networking\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/07\/2014-07-03-21-39-45-200x343.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":6733,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/10\/30\/drupal-users-assume-your-site-was-hacked-if-you-didnt-apply-oct-15-patch-immediately\/","url_meta":{"origin":6322,"position":3},"title":"Drupal users: Assume your site was hacked if you didn’t apply Oct. 15 patch immediately","author":"NCCT","date":"October 30, 2014","format":false,"excerpt":"Users of Drupal, one of the most popular content management systems, should consider their sites compromised if they didn\u2019t immediately apply a security patch released on Oct. 15. The unusually alarming statement was part of a \u201cpublic service announcement\u201d issued by the Drupal project\u2019s security team Wednesday. \u201cAutomated attacks began\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5916,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/07\/08\/attack-on-dailymotion-redirected-visitors-to-exploits\/","url_meta":{"origin":6322,"position":4},"title":"Attack on Dailymotion redirected visitors to exploits","author":"NCCT","date":"July 8, 2014","format":false,"excerpt":"Attackers injected malicious code into Dailymotion.com, a popular video sharing website, and redirected visitors to Web-based exploits that installed malware. The rogue code consisted of an iframe that appeared on Dailymotion on June 28, researchers from security vendor Symantec said Thursday in a blog post. The iframe redirected browsers to\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8690,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/10\/22\/researcher-shows-how-it-could-take-hackers-just-10-seconds-to-wirelessly-upload-malware-to-a-fitbit\/","url_meta":{"origin":6322,"position":5},"title":"Researcher shows how it could take hackers just 10 seconds to wirelessly upload malware to a FitBit","author":"NCCT","date":"October 22, 2015","format":false,"excerpt":"By Rob Thubron In recent times, hackers have been discovering ways to exploit wireless systems in a number of devices, from vehicle infotainment centers to self-aiming sniper rifles. It now seems another gadget may be added to this list, as Fortinet researcher Axelle Apvrille has revealed that fitness-tracking wristband FitBit,\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/qa8qVAPPlTE\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/6322","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=6322"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/6322\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=6322"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=6322"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=6322"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}