Hey! I am back again with a new and most awaited session, "IoT security and privacy". In this session, I am gonna share with you:
"Unraveling the Dangers of IoT Devices: Security, Privacy, and What You Can Do??"
Introduction:
So, let's begin.
First, you have to know what IoT is (you can learn that by clicking it), and then we can continue, because this session would be very long if I started explaining that here.
As we know, evolving technologies are gonna change the world. We will be living our lives in a more comfortable and automated environment compared to today. We will have everything (machines) capable of doing its work automatically.
We can already see the beginnings of this nowadays: from tea kettles to door unlock systems, and from health-conscious wristwatches to automatic water heaters, ACs, etc.
In any system, each component stores a piece of information that it uses and works according to. Trust me, it can be very private information that you would not like to share with anyone, like what you are doing, what time you come home, and when you're out.
Let's understand this. You woke up today and your wristwatch told your smart Wi-Fi kettle to prepare tea for you and your smart water heater to get you a hot shower.
So, these start doing their work, but someone, without your knowledge, wants to hack your Wi-Fi and penetrate the systems connected to it. This can harm you and your credentials, and you would not like someone to hack your Wi-Fi.
But unfortunately, he can do so with some configurations and can get your Wi-Fi key.
Wait! Wait! Many companies producing smart devices are constantly improving their security and privacy systems, but it will take a lot of time to make those devices hack-free, or say encrypted.
So, let's talk about some smart devices:
Smart doll:
And this is my favorite IoT device. This is my friend Jenny. She's an interactive speaking kids' doll. She has a microphone and a speaker. She can speak to your smartphone over Bluetooth. So all the processing goes on over here.
And she can listen to what your kids are saying. And she can respond to their questions. She's interactive. She's cool. Now, how does she work? Well, Jenny is awesome. Microphone, speaker, and Bluetooth: she is the hands-free headset. You can make telephone calls on the doll if you wish.
And as I'm sure you know, driving with your phone here is illegal. But not with a doll. So we will come back to her, but what interested me first was that when I saw her in the store, the boxes said "internet safe, child friendly". So that's a big claim to make.
Now, the bit that I found creepy was this: when you connect your smartphone to your vehicle, you have to put in a PIN, right, and that sets up a type of frequency hopping which gives you security.
However, when you connect your phone to the doll, there is no PIN, which means that anyone in Bluetooth range, so 30, 40, 50 meters, can connect to the child's doll, its microphone and speaker, which means that someone outside on the street, or in the next house, can listen to the microphone and spy on your kids, or can talk to them as well. And I find that creepy.
Wireless security camera:
Now, this is a wireless home security camera. It's cool. It's battery-operated. And it has a really good battery life. And you can stick it in your house or you can stick it outside your home. And you can see your house and your security cameras remotely from your phone.
And unfortunately, we found some security flaws with it, when you access the cloud service that the mobile phone talks to and interacts with the cameras. Unfortunately, you can switch it to someone else's cameras. Just by messing around with the camera IDs, you can see someone else's footage. It's got a microphone too, so you can listen as well.
Now the good news about this one is it got fixed very quickly, the manufacturer was responsive, and they fixed it fast, which is great. But these products have been on the market for about nine months, it was only just coming along that resulted in the vulnerability being found. And I think that's worrying.
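The class of flaw described above, where changing a camera ID shows another customer's footage, comes down to a missing ownership check on the server. The sketch below is an added example, not the vendor's code (the page does not describe their backend); `CameraStore`, the account names and the camera IDs are all hypothetical. It puts the flawed lookup beside a checked one.

```python
# Added example: every name and value here is hypothetical / constructed.
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when a caller asks for a camera that is not theirs."""


@dataclass
class CameraStore:
    # camera_id -> owning account (constructed sample data)
    owners: dict = field(default_factory=lambda: {
        "cam-1001": "alice",
        "cam-1002": "bob",
    })
    # audit trail of refused requests, useful for detection
    denied: list = field(default_factory=list)

    def feed_url_vulnerable(self, session_user: str, camera_id: str) -> str:
        # Flawed pattern: the ID sent by the client is trusted as-is,
        # so any logged-in user can name any camera.
        if camera_id not in self.owners:
            raise KeyError(camera_id)
        return f"/feeds/{camera_id}/live"

    def feed_url_checked(self, session_user: str, camera_id: str) -> str:
        # Hardened pattern: ownership is looked up server-side and compared
        # with the authenticated session, never with client-supplied data.
        owner = self.owners.get(camera_id)
        if owner is None or owner != session_user:
            # Same error for "unknown" and "not yours", so the response
            # does not reveal which IDs exist; the attempt is recorded.
            self.denied.append((session_user, camera_id))
            raise Forbidden("camera not available")
        return f"/feeds/{camera_id}/live"


def demo() -> list:
    """Run both lookups as 'alice' and return the audit trail."""
    store = CameraStore()
    store.feed_url_vulnerable("alice", "cam-1002")  # succeeds: the flaw
    try:
        store.feed_url_checked("alice", "cam-1002")  # refused and logged
    except Forbidden:
        pass
    return store.denied
```

Repeated entries in `denied` for one account across many IDs are a useful signal that someone is walking through camera IDs.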
This one is slightly different. This is a wired security camera. It takes power, and it sends its video feed not over Wi-Fi but over a USB cable. And it goes to a recorder called a digital video recorder. And there are many, many of these around the world in offices and homes.
A computer hacker found a vulnerability in the recorders. And he realized that he could connect to them all and make them all start attacking other websites. Nearly 300,000 IoT digital video recorders started attacking various social networks in October 2016. They took them offline; they took Twitter offline for two hours.
Crazy!
So we have weapons from the IoT in our house. Now, maybe you've been unlucky, maybe you've had data held to ransom, maybe your photographs, your family photographs have been encrypted by bad guys, and held to ransom. Now we wanted to explore whether it was possible to hold IoT for ransom.
And we started by looking at a smart thermostat. This is a brand that's quite popular in the US. And we started looking at its security to understand how it worked. And the first thing we did was we got the code out of the chips. It's called firmware.
It also has the facility to upload family photographs to act as wallpaper, so you can have photos of your family and kids on the thermostat. But we found a bunch of security flaws. Unsurprisingly, the code was oddly put together, with many weird references. And we discovered we can hold someone's thermostat, their heating, and the air conditioning to ransom.
Now that was a bit silly. So what! Why would you encrypt someone's thermostat? Fine. But what if that was your vehicle, and your vehicle wouldn't stop unless you paid a ransom? This is all very possible. And that's what worries me about the state of IoT right now.
It's quite concerning. But then I realized the same attack could do something nasty. The problem with IoT is that it's not just your IoT. Everyone's IoT has got the same problem. So every instance of that thermostat could be used by a hacker. What if they could trigger everyone's heating or air cooling at the same time? You can create spikes in the power grid. It only takes a little to trip a power cut.
So our desire to put smart technology in our houses has inadvertently exposed the stability of our nations. I think that's worrying.
There is some good news. There have been some efforts to try and get vulnerable, poor, insecure IoT banned, and some work by the Norwegian Consumers Council and also the European consumer organization.
Some Facts' Credit: TEDx TALKS
Conclusion:
And I think we can do better than that. What about you, though? What about us? What can we do? How can we improve things? Well, there are some things that we can all do. And the first thing I want you all to do is go and fix yourselves. You don't need to be a cool hacker to hack people. If your passwords are weak, easy to guess, blank, or the default ones, make them long and strong. Use a password manager, and make sure the PINs on your mobile phones aren't four digits; make sure they're six or eight.
And then patches: apply patches to your phones and your computers to make them stay secure. And the next thing is IoT: you can put it on a separate network at home. If you don't know how to do that, go and read up. If you don't want to do that, don't buy IoT. Be safe.
But I think also as consumers we can make a difference if we don't buy products that we're not sure about the security of, we're going to force the hands of manufacturers to prove it secure and make it safe for us. The problem is this.
There are far too many IoT products out there. There aren't enough organizations and people like me out there doing research and exposing this poor practice.
And there are very few vendors that care about security. There are some good examples. But by and large IoT security is really poor. And sadly, I think we have to face it, there is a serious problem with security and IoT. To the point, I think we almost need to be afraid of IoT.
So, that's enough for today guys! We will meet again with a very new discussion! Till then, share it with your friends and family and make them aware of some cool-looking faulty devices and what precautions we should take in a digital environment!!!!
Ta Da!!!!