Thursday, March 16, 2017

Insecurity of Smart Things, cyber attacks and vulnerability of the IoT

Billions of smart things connected, are they really secure?

Smart things such as telephones, televisions, cars, medical equipment, smart homes, etc… have taken a leading role in today's market, the aim of these devices is to provide a better product and customer service.

Approximately 6.4 billion smart things are connected, only in the United States there are 25 devices connected to the network per 100 inhabitants. People use these devices on a daily basis without realizing that they can be victims of an information theft attack at any time.

Cyber attacks to the Internet of Things

Smart phones

Our phones contain important information such as bank account passwords and credit card information, this information can be stolen simply by downloading an application that is infected.

Apple iOS Users

It is not recommended to violate the security of the iOS systems, this is called  "jailbreak" and this practice allows phones to install applications not authorized by Apple App Store, these types of phones are most vulnerable to attacks.According to the annual report of Symantec given in April 2016 , the Apple phones presented the following attacks:

  • 9 new iOS threat families were identified by 2015.
  • Bootlegged developer software XcodeGhost, infected up to 4,000 applications.
  • YiSpecter malware completely avoided the application store by using the enterprise application provisioning framework.
  • Youmi embedded in 256 iOS applications. This software is used in applications to display advertising, but also sends personal information to a remote location without the consent of users.
  • Vulnerabilities in Apple's AirDrop wireless file transfer system could allow an attacker to install malware on an Apple device.

Andriod Users

Per the Symantec report, in the first quarter of 2015, 550 attacks were blocked for the day, gradually decreasing this number until in the fourth quarter again rose 495 blocked attacks per day.
In July 2015, 7 vulnerabilities were identified and 2 more were identified in October.The attacks mostly come from downloads of multimedia messages like videos.
There were also phishing attacks by opening a fake window to enter the bank password on the banks websites.

Some of the recommendations for phone safety are:

• Keep applications up-to-date.
• Don't downloading applications from unauthorized sites.
• Don't Jailbreak the device, they are more vulnerable to attacks.
• If you suspect your account has been compromised, change your Apple ID or Google Play password.
• Be careful of emails or notifications that pop up on your screen asking for personal information.
• Be careful opening unwanted video or audio files.

Smart TVs

These devices can also receive attacks as fraud clicks, be controlled by criminals without even perceiving it, can steal password data or even be victim of the ransomware technique that encrypts files and keeps them hostage until a payment is made. Here is a video demonstration of how smart TVs can be hacked.

Smart cars

A proof-of-concept was made to demonstrate that hackers could have remote control of the smart cars of the brands Fiat Chrysler and Jeep, but this doesn’t mean that the other brands are exempt. This goes beyond the theft of information; this attacks the lives of people. Here is a video that shows how a Jeep is controlled remotely. 

In the UK there have been cases of cars theft because keyless smart systems have been hacked.

Smart Homes devices:

I think smart devices bring a lot of benefits to users, they do incredible things that we never imagined or just watched in science fiction movies. It is for this reason that the world is flooded with these devices, we really like it, they simplify life, they give us intelligent information when we need it, but definitely the developers of these technologies require better security mechanisms to prevent information theft or even attacks against life as in the case of smart cars.

Think about the smart devices you have and evaluate what actions you could take to avoid an information theft attack?

Comment your ideas so others can also protect themselves.