Are Your Fish Tanks a Security Risk?
“Someone used the fish tank to get into the network, and once they were in the fish tank, they scanned and found other vulnerabilities and moved laterally to other places in the network.” — Justin Fier, director for cyber intelligence and analysis at security firm Darktrace.
Smart home environments offer the potential for significantly improved energy efficiency and control over home security while providing an incredible level of convenience through automation of appliances, lights, cameras and alarm sensors. However, as is the case with all IoT systems, these devices open up the possibility of security and privacy risks through exploitation by malicious hackers.
In the case of the quote above, hackers attempted to steal data from a North American casino through a fish tank that was connected to the internet. Although the casino had implemented some security precautions, these hackers still managed to compromise the tank to send data to a device in Finland before the threat was discovered and the perpetrators were stopped.
Unfortunately, smart home environments are increasingly on the radar of hackers as a growing number of consumers embrace these devices in their homes. In fact, last year, the Mirai botnet took control of a myriad of smart home devices, such as security cameras, all around the world, forcing them to direct massive amounts of web traffic to take down websites like Twitter and Netflix.
According to a recent forecast study by Berg Insight, there will be 73 million smart homes in North America by 2021, equaling 55% of all homes. By the end of 2016, more than 21.8 million smart homes had already been connected. Clearly, these technologies are rapidly expanding throughout our communities, making it essential for both developers and consumers to be smart about reducing security and privacy vulnerabilities to avoid exploitation by hackers.
And although more IoT devices mean more possibilities for hacking, there are many ways to keep smart homes secure. For one, adding an additional authentication factor beyond the password, such as a security key or one-time code received by a phone call or text to keep unknown parties out of smart devices, can be highly advantageous. Another critical factor for consumers to keep in mind is the importance of completing security updates, particularly on new devices. Although many people are accustomed to clicking “download later” when a device prompts them to run a software update, this lack of action can make devices vulnerable to dangerous malware, so it’s best to avoid problems by running these updates promptly in order to keep all devices secure.
Smart home environments are one of the many exciting developments to come from the Internet of Things and provided that developers and consumers implement the highest level of security on all devices, we can enjoy the massive benefits of these technologies without exploitation from hackers.
Written by Igor Ilunin, head of IoT at DataArt.