A simple design change can fix the Internet-of-Things’ biggest security hole.
Published on CO.Design | By Jesus Diaz
Thirty minutes. That’s the time it took a team of researchers from Ben-Gurion University in Israel to access security cameras, baby monitors, doorbells, thermostats, and other internet-of-things, not-so-smart devices. It didn’t require any special hacking techniques. Anyone can do it.
Put that information into a Google search box and, within a few minutes, you will find a site or a forum post somewhere describing how to enter into that device using the manufacturer’s default administration user name and password.
Any pedophile, thief, ex-spouse, or regular Peeping Tom can use this information to gain access to any of these devices installed in your home. A government or criminal organization can also use these user/password combos to control many devices at once, in order to mine data, spy, or launch global internet attacks.
The research was led by Yossi Oren, who is in charge of the Implementation Security and Side-Channel Attacks Lab at Cyber@BGU. With his colleagues, he analyzed 16 popular high and low-end IoT devices, using different reverse-engineering techniques that show how easy it is to extract the default hard-coded passwords of any machine when you have physical access to it.
The research show how easy it is to extract the default hard-coded passwords of any machine when you have physical access to it.
Read entire article You Can Hack Almost Any Smart Device With A Google Search | CO.Design
Become a Certified Privacy Expert
The Certified Data Protection Officer (CDPO) training course will enable you to develop the necessary knowledge, skills and competence to effectively implement and manage a compliance framework with regard to the protection of personal data.
Join us for our upcoming CDPO training events.