My home is my castle… or no longer?
From ancient times home is associated with safe and quiet place. Seems like soon it can be changed.
Recently Forbes published an article about possible vulnerabilities in Nest Thermostat. Vulnerability looks unexploitable in practice because physical access to the device is required. However, it is easy to imagine some distributor’s employee or a serviceman getting access to your device and then getting control of it.
Nest Thermostat is a great device and now treated as one of the most secure, according to Forbes. The same thing cannot be said about other “Internet of Things” stuff:
- https://threatpost.com/researcher-discloses-wi-fi-thermostat-vulnerabilities/108434
- http://www.securityfocus.com/archive/1/534774
- http://www.cheatsheet.com/technology/usb-drive-to-smart-home-which-of-your-devices-can-be-hacked.html/?a=viewall
- and so on
IoT-era is only raising now. Importance of information security acknowledged now better than ever. Despite that, between comfort and security, we always prefer comfort. Usually comfort has nothing in common with security. It is why creating incredible and high-quality products is so difficult and require many resources for vendors.
Currently serious cybersecurity threats for our homes are related not only with innovative devices. Most of all widely spread routers for home have so many different vulnerabilities. Yeah. Hackers exploit such security holes, as KrebsOnSecurity reports, and do it very successful.
An attacker controlling your router may control all your traffic. Such evil thing affects not only your privacy, but also makes another threats become actual. Sure, you have already heard about HTTPS (HTTP over SSL/TLS) which made to protect traffic against eavesdropping. News, especially recent news reveal that it is not perfect at all: Heartbleed, POODLE, FREAK, what’s next? Also some vendors give good opportunities to hack their customers.
Vulnerabilities in home routers along with software holes in endpoint devices make very easy to steal your money from online-banking or your private photos from cloud storage.
If somebody is not sure of the possibility of practical implementation of such threats, this write-up, for example, may serve as a proof of concept. It is not a hacking tutorial; it is just solution of one task from a hacking contest. But it really shows step-by-step how to realize attack very similar to the one described above.
May be it looks hard for a normal user, but actually it is very easy to implement.
Hackers are thieves. Default-password is like an opened door to your home. Out-of-date software is like an opened window.
Should we be scared? No. We must be extremely attentive now to prevent our families and folks from trouble. It really matters. We should carefully use opportunities of modern technologies and fully understand (when it’s possible) what we do each time using the Internet.
To help you with that, we at AVULN Security Industries are developing AVULNATOR. The device that will block malicious traffic incoming to your home network and other malware activity. AVULNATOR will be always up-to-dated because of our distributed cloud-based monitoring system. Read more at our AVULNATOR page.
Pre-oder does not require payment, but gives your 10% off discount.
Placing pre-order now, you help us make AVULNATOR cheaper.