New internet devices perfect for hackers

  • 23/11/2015

It could be a merry holiday season for hackers, with millions of new and potentially vulnerable internet-connected gadgets hitting the market.

Security experts say the vulnerabilities of "Internet of Things" devices such as fitness bands, smartwatches, drones and connected appliances could be exploited as consumers adopt these products for the holiday season.

Any connected device "can be a pivot point into your network", said Bruce Snell, cybersecurity and privacy director for Intel Security.

Although breaking into a wearable device or drone does not necessarily provide immediate value for a hacker, it can lead to a connection to a smartphone and data which is stored in the internet cloud, security experts note.

"These could potentially install malware that sniffs out all the passwords on your network and sends them to a remote location," Snell told AFP.

For easier use, many consumer gadgets use relatively insecure connections and often require minimal use of passwords or other authentication.

Gary Davis, who heads consumer online safety for Intel, said the holidays could be a vulnerable time for consumers.

"With the excitement of getting new devices, consumers often are so eager to begin using them that they do not take time to properly secure them," he wrote.

In some cases, security can be improved by simply changing the password on the device.

The research firm Gartner earlier this month forecast that 6.4 billion connected things will be in use worldwide in 2016, up 30 per cent from 2015, and will reach 20.8 billion by 2020.

Smart home devices such as thermostats can be a gateway for hackers, according to a report this year by researchers at TrapX Labs.

The researchers took apart and then used a Nest thermostat as a point of attack for a home network and were able to track the users' internet surfing activity and get access to their private credentials.

Northeastern University researchers found some smartphone fitness apps can leak passwords and location information over public Wi-Fi networks.

Researchers at British security firm Pen Test partners said a similar vulnerability exists in Wi-Fi connected kettles and coffee-makers.

The devices allow users to turn the kettle on without getting up but it also means "a hacker can drive past your house and steal your Wi-Fi key," Pen Test's Ken Munro said in a blog post last month.