Internet of Things, the Internet of the hackers
It was twelve o’clock at night in Dallas when the 156 emergency sirens started waking up the neighbors and saturating the emergency telephone lines. More than 4,400 calls. They are sirens that are used to alert of climatic conditions of risk. But the alert neighbors thought it was a bomb warning or similar emergency.
Fortunately nothing happened: the sirens were “hacked”. The operators had to check before what it was and then, before the impossibility of stopping them, turn off the whole system two hours later.
This time it has been sirens that have once again called into question the security of the Internet of Things. In “smart” cities it could be something more dangerous. And it would be accessed in the same way: a local system that directs all connected devices or taking control of each one of them because they are devices that have the same access credentials.
Last year they were the cameras of the Chinese manufacturer Xiongmai Technology, that had an operating system without updating (and therefore vulnerable) and some access credentials established from the factory, since the user was not forced to change it after the first installation and use. The result was a massive denial of service attack using the cameras as an army. Companies like Netflix, Amazon or Twitter were left without service.
This is how BrickerBot acts, a program that uses credential dictionaries to gain access, by brute force, to numerous devices that are used as “soldiers” in massive attacks. If the consumer does not change the username and password, their device can be easily compromised. An easy username and password and the open Telnet port are an open door to anyone.
Buy an IP camera, a thermostat or any other product of the style is to buy, in turn, a potential security hole much harder to exploit than a smartphone or a computer. There are no updates and the user does not perceive threats. He is never alert, since he is not a device that he uses constantly.
And we’re not only in danger through low-cost connected devices from China. There are already attacks on smart TVs that use radio signals to insert malicious code and take control of the device, which sometimes has a microphone, without having direct access to them.
“As soon as the hacker takes control of the TV, he can attack the user in many different ways,” said Rafael Scheel, the security consultant who demonstrated the concept of attacking ArsTechnica. “The TV can be used to access other devices in the local network or spy through the camera and microphone that is incorporated.”
According to one of the latest leaks of classified documents by WikiLeaks, the CIA was working on Samsung’s smart TVs, managing at least to capture audio with the microphone and save the listener in a file inside its memory. This with high-end devices that are frequently updated and that come from the largest manufacturer of consumer electronics in the world. What will happen then with the endless number of devices offered by the Internet of Things?
The Internet of Things does not need human interaction. Sensors collect, send, analyze and respond to data, which offers technology and telecommunications companies new ways to offer value. With these opportunities also comes the possibility that this information is compromised. In addition, it is not that the taking and communication of data is multiplied, but that it is usually even more important and private information. The irrigation is greater.
This new network that covers all sensors is an ecosystem shared between the private and public sectors. Even so, there is no clear strategy in terms of safety or a standard within the industry. This shared responsibility it can be a huge danger, since any infected point can obtain data or control a part of the sensor network. The standards will arrive. But you do not know when and the Internet of Things market continues to grow. The big companies and regulatory agents of the different countries have to work on the development and implementation of stricter security protocols. It will be very important when the 5G networks are implemented and the data traffic is multiplied in volume, speed and responsibility for people.
At the moment the manufacturers are even more focused on how to sell the Internet of Things and demonstrate its usefulness to the end user that create a secure network consisting of devices that are updated frequently and that force the user to establish passwords that are different from the factory. It is difficult to protect the devices. Impossible if there is no severe regulation and a clear security strategy. Before smart cities, secure connected devices.