The NSA wants to exploit IoT devices for surveillance and sabotage
The NSA and other intelligence agencies are spending a significant effort in research for hacking IoT devices for both surveillance and sabotage.
Intelligence agencies worldwide are looking with increasing interest to the Internet of Things paradigm, intelligent objects surround us and manage an impressive volume of data related to of existence.
Thanks to the Internet of Things devices, we become nodes of a global network, hacking this network allow spies to spy on everyone.
This is also the intent of the U.S. National Security Agency who is working to develop cyber espionage capabilities through IoT devices.
“As my job is to penetrate other people’s networks, complexity is my friend,” he said of the growing mass of common household and office items that are increasingly likely to be logged in to a nearby Wi-Fi network. “The first time you update the software, you introduce vulnerabilities — or variables, rather. It’s a good place to be in a penetration point of view.” said Richard Ledgett, the NSA’s deputy director, at a conference in Washington on Friday.
In many cases, IoT devices are not designed with security in mind, allowing hackers to easily take over such kind of objects.
The Internet of Things is expected to lead to 50 billion connected devices by 2020 collecting and exchanging personal data about their users, their lives, their preferences, and tastes.
This will lead not only to relevant data protection issues but also to increased hacking related risks triggering the need to implement a higher level of cyber security.
In September 2015, the FBI published a service announcement warning that the Internet of Things poses opportunities for cyber crime.
“As more businesses and homeowners use web-connected devices to enhance company efficiency or lifestyle conveniences, their connection to the Internet also increases the target space for malicious cyber actors. Similar to other computing devices, like computers or Smartphones, IoT devices also pose security risks to consumers. The FBI is warning companies and the general public to be aware of IoT vulnerabilities cybercriminals could exploit, and offers some tips on mitigating those cyber threats.” states the announcement.
The announcement has raised a heated discussion on the responsibility for the exploitation of such kind of devices, it seems that the FBI attributes the responsibility for the security of these devices on the consumer.
“Consumers should be aware of the capabilities of the devices and appliances installed in their homes and businesses. If a device comes with a default password or an open Wi-Fi connection, consumers should change the password and only allow it operate on a home network with a secured Wi-Fi router” states the announcement.
Security experts are warning the medical industry about the hacking of any medical equipment implanted in the human body such as pacemaker and insulin pump.
Ledgett also added that the NSA could extend its research into the exploitation of biomedical devices.
It is crucial to approach the security of IoT devices seriously!
[adrotate banner=”9″]
Pierluigi Paganini
(Security Affairs – IoT devices, Hacking)