This Security Vulnerability Could Change An IoT Device Into A Nasty Spy

This Security Vulnerability Could Change An IoT Device Into A Nasty Spy

IoT has had a remarkable impact on our lives. We now have devices connected over a network that are capable of making our lives much easier and comfortable. From smartphones to smartwatches to internet-powered doorbells, door alarms, security cameras, speakers, door locks, lights, bulbs, and baby monitors, the list is just endless. However, with this boon, a bane looms around and that is, miscreants can hack into these devices and if not acted upon promptly, they can wreak havoc on our lives. But, when can hackers feed on IoT devices? The answer is when they sniff a security vulnerability or when we as users don’t practice healthy security habits.

We’ll get into the security habits on a user’s part later in the blog but, let’s first discuss how a security vulnerability can lead a hacker into your IoT device and then into your personal or professional life. Quite recently, a security vulnerability has hit IoT devices. This security flaw can give access to your IoT audio and video feeds and turn into a spying tool.

What is This Security Vulnerability All About? How Severe Is The Security Flaw

As per the researchers at Nozomi Networks Lab and DHS, the security flaw can let malicious attackers tamper with an IoT device. They can easily convert a given IoT device such as a home security camera, a baby monitor, or a smart doorbell into a spying tool. Owing to this vulnerability, they can steal crucial data or spy on video feeds as well. Apart from intruding into one’s personal lives through the aforementioned channels, an attacker can even steal crucial business data such as data related to customers, employees, or even production techniques. The security flaw is indeed very severe. So much so that the Common Vulnerability Scoring System (CVSS) rates it at 9.1/10 on a severity scale.

How Did This Security Flaw Surface?

Security
Source: onetech

The flaw is a supply chain bug that was discovered in a software component (P2P SDK) manufactured by a company called ThroughTek who is one of the prominent suppliers of IoT devices. The P2P’s SDK gives remote access to audio/ video streams over the internet. The SDK is found in smart sensors, security cameras such as baby and pet monitoring cameras,  doorbells, etc and it help a viewer gain access to audio/ video streams. The flaw affects P2P’s version 3.1.5 or before. As Nozomi has demonstrated, the older versions of the SDK allow data packets to be intercepted while in transit. A hacker can refurbish these packets into complete audio or video streams.

ThroughTek’s Defence

ThroughTek has countered this bug in version 3.3 that was released in mid-2020. Though the issue is that quite many devices still run the older build. Secondly, as per ThroughTek, to conduct an attack, a prospective attacker will need to have extensive knowledge of network sniffer tools, network security, and encryption algorithm.

We’ve Had Instances of IoT Vulnerabilities and Hacking Attacks In The Past Too

Hacking attacks
Source: hornetsecurity
  • The Mirai Botnet or Dyn Attack of 2016 – This was the largest DDoS attack on service provider Dyn that led to considerable portions of the internet going down that included Netflix, Reddit, Twitter, and CNN
  • As per the FBI’s latest findings, there are Smart TV manufacturer’s for whom security is an afterthought and an unsecured TV can be used by a hacker to not just control your channels or volume but even stalk you
  • A researcher at the University of Texas at San Antonio claims that hackers can use infrared-enabled smart bulbs to infect other IoT devices
  • Researchers unearthed bugs in a famous smart deadbolt that could allow attackers to break into homes or even unlock doors

Something To Ponder Upon

It is predicted that by 2025, there will be more than 21 billion IoT devices. That’s almost 3 times the complete population of the world. The above research is an eye-opener both for developers and users alike that if attention is not paid, we can only wonder how many users will become victims of cyberattacks.

Needn’t Be Scared! A Stitch In Time Will Help Dodge An IoT Attack

While developers do their bit, patch flaws, and counter such attacks, what is it that you as a user can do? No! We don’t mean to unload technical stuff or scare you, there are some very simple steps you can take to dodge such IoT attacks/ vulnerabilities and protect your IoT devices.

  1. As per Kaspersky, almost 86 % of organizations have obsolete software. So, keep your IoT devices up to date especially if you are a company whose life depends on IoT devices.
  2. Before purchasing an IoT device – a smart bulb, a smart doorbell, camera, speaker, a smart TV, or anything else, do your research. Check if the device has recently run into a vulnerability issue or not
  3. Use A VPN that can counter DDoS attacks. In case your IoT device is connected to your laptop and you are using it on public Wi-Fi, you can go for a VPN like Systweak VPN. It can guard you against man-in-the-middle attacks, DDoS attacks, or malware infections while you using a public Wi-Fi

Download Systweak VPN Now

Read Complete Review on Systweak VPN

  1. Unplug your IoT device completely when not in use. It’s simple when your device is cut off from the internet, a hacker won’t have a target to exploit
  2. Disable UPnP (Universal Plug and Play). Meant to help gadgets discover other network devices, hackers can break into your device using this feature. Your best bet? Disable this feature completely
  3. Use strong passwords for Wi-Fi networks, device accounts, and even connected devices. If possible use a password manager. Why? Because these days password managers let you generate strong passwords every single time. Take LastPass for instance, it has an ingrained password manager that lets you generate randomized, long, and difficult to surpass passwords
  4. If you don’t read the privacy policy of apps, maybe now is the time to do that. You’ll at least have an idea of what you are being asked to share

In The End

The near future hails IoT devices. With that power becoming more accessible, we need to become more vigilant and more informed. This blog is a small step in the wake of doing that. Love IoT as we do and want to work towards making it more secure, do let us know in the comments section of the ways and means we can make IoT devices more secure and more enjoyable. You can even address any more security flaws that you recently encountered in an IoT device.

Related Topics

Quick Reaction:

Leave a Reply

Your email address will not be published. Required fields are marked *