A simple design change can fix the Internet-of-Things’ biggest security hole.
Thirty minutes. That’s the time it took a team of researchers from Ben-Gurion University in Israel to access security cameras, baby monitors, doorbells, thermostats, and other internet-of-things, not-so-smart devices. It didn’t require any special hacking techniques. Anyone can do it.
The research shows how easy it is to extract the default hard-coded passwords of any machine when you have physical access to it. Put that information into a Google search box and, within a few minutes, you will find a site or a forum post somewhere describing how to get into that device using the manufacturer’s default administration user name and password.
Any pedophile, thief, ex-spouse, or regular Peeping Tom can use this information to gain access to any of these devices installed in your home. A government or criminal organization can also use these user/password combos to control many devices at once, in order to mine data, spy, or launch global internet attacks.
The research was led by Yossi Oren, who is in charge of the Implementation Security and Side-Channel Attacks Lab at Cyber@BGU. With his colleagues, he analyzed 16 popular high- and low-end IoT devices, using different reverse-engineering techniques that show how easy it is to extract the default hard-coded passwords of any machine when you have physical access to it.