This blog provides information on recent security hacks that have taken place as a result of the internet of everything (IoE) and what a business can implement to protect themselves.
The internet of everything (IoE) is a huge trend that is currently increasing in popularity, which means that everyday objects such as fridges, cars and TV’s can have network connectivity to the internet, or other smart devices.
Def Con is the world’s largest hacking convention, where around 15,000 of the world’s top hackers come together in Las Vegas. In this year’s convention, IoT was a huge topic, with many discussions on the latest smart devices that could be hacked. There were many data leaks and bugs in a range of devices such as solar panels, thermostats and door locks.
A particularly concerning topic that came up was regarding cyber criminals. It was stated that these attackers can use smart devices to launch a DDOS (distributed denial of service) attacks- as smart devices are easier to find and take over than standard computers.
One of the most recent hacks of IoE devices is on a range of Volkswagen cars, discovered by security researchers. Although the full details of how this hack was successful has not been disclosed, the basic principles were explained. The researchers found that by using a cheap homemade radio, to spy on the car key fob signals. This method also allowed the attacker to clone digital keys, which then allows them to unlock a range of other Volkswagen cars.
Recently, the DNS provider Dyn was the victim of a DDoS attack. The hackers utilised thousands of IOE/IOT devices such as baby monitors and kettles to launch the attack. They managed to exploit the fact that these devices use default credentials and don’t have enough memory to deploy security techniques on the device itself. During this attack, the only major DNS provider which didn’t get affected was OpenDNS. The reason for them not being affected by the attack was due to the fact that they “use smart caching during outages” that allows them to reach websites even if the backend is flooded with requests.
Is your fridge a threat?
Some home appliances have been found to be vulnerable to various attacks. Osram have designed internet connected light bulbs which featured a major mistake. The lightbulbs which are controlled by an app allowed attackers to gain access to the wifi network that the lightbulbs were connected to. Security researchers also said that the attacker could potentially control the lights. Access to the home wifi network was able to be gained due to the huge flaw from the application developers. They allowed the app to store the wifi password unencrypted (plain text) – which could give the attacker access to the wifi network and other wifi connected devices.
Another appliance that has had vulnerabilities discovered are smart fridges. In particular the Samsung smart fridge. At the Def Con conference last year, the fridge was involved in a hacking challenge by a security company. The company found that they were able to conduct a man-in-the-middle attack to obtain Gmail user login credentials that were used on the fridge. They discovered that although the fridge uses SSL for security, the fridge didn’t validate the SSL certificate, which allowed them to gain network access as well as get the login credentials.
We are pleased to announce that we are adding OpenDNS to our portfolio. Cisco has recently acquired the solution and has rebranded it as Cisco Umbrella. For those that don’t know it is a cloud security platform that provides the first line of defence against threats on the internet. The platform provides a predictive malware breach protection service that blocks hackers in their tracks. Through working at the DNS level it blocks malware and phishing attempts before they have the opportunity to infect your infrastructure regardless of your users location or device.