February 19, 2015

Internet of Crappy Things


Lately, there has been a lot of talk about the Internet of Things (IoT) among IT professionals. It means that all things should be connected: refrigerators, coffee machines, TVs, microwaves, fitness bands, and drones. But this is just the tip of the iceberg.


It just so happens that, due to some peculiarities of the online community, only consumer electronics get media coverage when it comes to the IoT. In reality, the IoT is not just about home electronics.

There is a flood of appliances which could be connected, and some already are, without a second thought as to whether or not it’s necessary. Most people barely consider that a hack of a smart-connected appliance could be dangerous, and a lot more threatening than a simple PC hack.

On Kaspersky Daily, we’ve regularly written about how unexpectedly vulnerable connected devices can be. The stunning ease with which David Jacobi managed to hack his own smart home continues to provoke bursts of laughter and awed applause during his speeches at various infosec conferences.

Another great and detailed example was the hack of a car wash carried out by Billy Rios of Laconicly. Car wash. You know, that thing with huge brushes and foam and so on. Today’s car washes have smart control systems which are connected and, consequently, susceptible to a remote hack.


If successful, a hacker obtains full control over all aspects of the car wash’s operations. There are vast opportunities to do whatever they want, including getting services free of charge, as the owner account has access to various tools, including a payment system. They can hold a car being washed inside the car wash, after obtaining control over the gates. There’s even the possibility of breaking the car wash or damaging a car, as a car wash facility is equipped with a number of moving components and powerful engines.

Anything else to hack? Sure, anything you wish! For instance, at the Security Analyst Summit 2015, Vasilis Hiuorios, a security expert at Kaspersky Lab, reported his hack of a police surveillance system. The police hoped that beam antennas were enough to secure communications.

If the police are so careless as to allow hacks of their networks and appliances, it goes without saying that gadget makers are even more so. Another Kaspersky expert, Roman Unuchek, demonstrated a hack of a fitness band at SAS 2015: after a series of relatively simple tricks, one can connect to a fitness band and download the owner’s location-tracking information.

In general, the problem is that those who develop home appliances and make them connected face the realities of a brand new world they know nothing about. They ultimately find themselves in a situation similar to that of an experienced basketball player sitting through a chess match with a real grandmaster.

Things get even worse when it comes to the users of connected devices. They don’t bother with security at all. For an average user, a connected microwave is still just a microwave. A user would never imagine that it is a fully equipped connected computer with the means to influence the physical world.

Sooner or later, the impact could be detrimental. Considering the challenges the connected world poses to both users and vendors, the latter should start thinking of ways to make their products properly secure. For users, our advice is to limit the use of overly ‘smart’ connected tech.