During our most recent WebTracks Webinar, Chris Novak, RISK team director at Verizon, dived into one of the year’s most anticipated reports—the 2015 Verizon Data Breach Investigation Report (DBIR)—and talked about one of our greatest concerns: hacking the Internet of Things (IoT).
The threat of IoT
While Novak mentioned that, as of right now, the number of IoT hacks is not nearly as dramatic as the media would make you think, we need to be vigilant and start preparing ourselves for what is poised to be one of the biggest industry threats of 2015 and beyond.
There is a long, long list of smart things that can be hacked, but here are two notable examples of smart things that actually have been hacked with malicious intent:
- Webcams/Cameras: In 2014, it was reported that UK hackers had been arrested for using malware to capture nude pictures of Miss Teen USA using her webcam.
- Refrigerators/TVs: In 2014, Proofpoint reported that nearly 100,000 connected devices had sent more than 750,000 malicious emails—a quarter of which emanated from non-traditional “things,” including a few smart TVs and at least one refrigerator.
The most important thing to remember is that everyone has information hackers want—even if that information is a connection to someone. The DBIR found that nearly 70% of attack victims are targeted for the purpose of advancing a different attack against another victim.
That statistic is part of the tactic the IRS hackers took this year. The hackers did not hack the IRS per se; instead, they were able to hack people’s less secure accounts and gather information available on the Internet (e.g. social media) to answer all the IRS security questions needed to gain access to the victims’ accounts.
The biggest takeaway here is that breaches lead to more breaches, and for every Internet-connected device you have, you are giving hackers another place to start their “trail of breaches.”
Protecting yourself against smart device hacks
By the end of the year, an estimated 2.9 billion consumer devices will be connected to the Internet, according to market researcher Gartner. And as much as you may just want to revert to using not-so-smart things, resistance may be futile. The world—everything from your pets to your plants to your kids’ clothing—is connected. And let’s be honest, you don’t want to miss out on using some of the future tech that is available now and that is in the works, so here are five steps to keeping you and your smart things safe:
1. Change your router password
Despite the convenience of using the default password, you are asking for trouble by using it. Anyone who enters your home can look at the sticker on the device and have more than enough information to get into your network. Also, security firm Incapsula found that a group of attackers had turned routers with default passwords into a botnet that they then used to take down Web sites using a denial-of-service attack.
2. Hide your routers and devices
If a hacker is able to gain access to a device, almost all devices could be easily compromised and be turned into a Trojan Horse, according to a study by security firm Synack. In fact, it only took between 5 and 20 minutes to find a way to compromise each device, once the researchers unpacked the hardware.
3. Stop connecting accounts
In 2012, Wired’s Mat Honan was attacked. Within an hour his Google account was deleted, his Twitter was taken over and used to tweet out terrible messages, and all the data on his Apple devices was erased. How could this be done so quickly? Because all his accounts were connected. If hackers get into one, they have access to all of them. So next time a website asks if you want to sign up using your Twitter or Apple account, say no.
You know how we mentioned the IRS hack was done through a series of information-gathering breaches? Lie on your accounts to protect yourself. Security questions at this point in time are kind of a joke. One look at someone’s Facebook and you can tell where they went to school or their mother’s maiden name, so come up with fake answers for these questions to deter hackers.
5. Update your devices
Just like with your laptop, let your IoT devices run updates when they are ready. We understand that these updates always pop up at the worst time—like at a cliffhanger moment when you are binge watching a new show—but the show will still be there when you are done updating. Protect yourself.
The best way to think about IoT security is like physical security—lock every (figurative) door and window. Have a great password for every entry point on your devices. As unbelievable as it may be, this is a huge deterrent for hackers. Just like criminals who steal things from cars or homes, cybercriminals know they don’t have to go through all the work of busting down doors and windows because so many people use lousy security practices and essentially leave themselves open to attack.