IoT – Shocking : How your home sockets could aid in Cyber attacks

IoT devices are dramatically enlarging our surface of attack, hackers can exploit smart sockets to shut down Critical Systems.

I love some of the gangster nicknames people come up with. Knuckles, Fat Tony , Stab Happy or even Bambi. Names are characteristic of their personality and attitude. It’s time to add Toaster Socket to the name as in the age of Smart Grid, criminals are getting updated.

The Internet of Things (IoT) ,which soon may become the “Internet of Everything,” is something that has made every security professional reanalyse all his security strategies. Security has been a challenge when it came to handling our basic Information and Communication Technology (ICT) systems. With the disruptive and highly welcomed IoT age upon us we may soon have larger challenges.

A recent research by Bitdefender found that smart electrical sockets can be exploited easily and be made a zombie on a bot network.

“The vulnerable device is a smart electrical switch that plugs into any wall socket and enables users to schedule a connected electronic device on and off from their smartphone. It can power any gadget – thermostats, smart TVs, coffee makers, security cameras, garage doors, and medical devices and so on.” states BitDefender.

For those who know the challenges an enterprise can face while fending off attacks from such botnets, would realize we are adding ammunition to the cyber criminal’s arsenal.

Other than exploiting the inbuilt Operating System to execute commands it can affect the user by gaining access to his email, gain login credentials to his other wireless systems, cause overheating and hence create fire “accidents” . The possibilities are endless.

Electrical and electronic appliances have had their recent fair share of negative media when it comes to being actors in cyber attacks. Surveillance cameras could be recruited in powerful botnets, smart LED light bulbs giving away WiFi passwords or refrigerators launching DDoS attacks.

A common issue found in the power outlet by security researchers is the lack of robust password and username  combination security strength, the lack of encrypted configuration mechanism when joining your personal network (Eg.: Home WiFi network)and weak encoded information sharing between vendor servers and appliance.

Based on the above discoveries Bitdefender outlined some ways of launching attacks and compromising your system where the attack vector is your smart socket.

• First, gain access to your email and hence disable your two factor authentication process (Great security measure by the way) .
• Second, use a ill-filtered password checking system to in a way inject codes to pretty much reset your entire system.

Well coming to the meat of the matter, an attacker always wants to gain root access to a system . These few stated methods and a little effort could give them that. Hence your socket may end up being weaponized for cyber attacks, be used to monitor and harm you (the user) , gain access to other systems in your network and a major overlooked issue affect your privacy.

The solution is evident. You the user has to demand security as a basic need while buying such systems or you may have to have bail money for your toaster switch a.k.a. cyber criminal.

It is time to purchase a security solution specifically designed for IoT devices.

About the Author: Joshua Bahirvani

Cyber Security Enthusiast and believer of Privacy in this Digital Age.

LinkedIn : https://in.linkedin.com/in/jbahirvani15

Peerlyst: https://www.peerlyst.com/users/joshua-bahirvani

Twitter : @B15joshua

Medium : @jbahirvani15

 

 

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini 

(Security Affairs – hacking, IoT)

[adrotate banner=”5″]

[adrotate banner=”13″]