Off-the-Shelf Smart Devices Found Easy to Hack
March 13, 2018
Ben-Gurion University Researchers Offer Cyber-Safety Tips to Protect Cameras, Baby Monitors, Doorbells, and other IoT Devices
Off-the-shelf devices that include baby monitors, home security cameras, doorbells, and thermostats were easily co-opted by cyber researchers at Ben-Gurion University of the Negev (BGU). As part of their ongoing research into detecting vulnerabilities of devices and networks expanding in the smart home and Internet of Things (IoT), the researchers disassembled and reverse engineered many common devices and quickly uncovered serious security issues.
“It is truly frightening how easily a criminal, voyeur or pedophile can take over these devices,” says Dr. Yossi Oren, a senior lecturer in BGU’s Department of Software and Information Systems Engineering and head of the Implementation Security and Side-Channel Attacks Lab at Cyber@BGU. “Using these devices in our lab, we were able to play loud music through a baby monitor, turn off a thermostat and turn on a camera remotely, much to the concern of our researchers who themselves use these products.”
“It only took 30 minutes to find passwords for most of the devices and some of them were found only through a Google search of the brand,” says Omer Shwartz, a Ph.D. student and member of Dr. Oren’s lab. “Once hackers can access an IoT device, like a camera, they can create an entire network of these camera models controlled remotely.”
The BGU researchers discovered several ways hackers can take advantage of poorly secured devices. They discovered that similar products under different brands share the same common default passwords. Consumers and businesses rarely change device passwords after purchase, so devices could be operating while infected with malicious code for years.
They were also able to log on to entire Wi-Fi networks simply by retrieving the password stored in a device to gain network access.
Dr. Oren urges manufacturers to stop using easy, hard-coded passwords, to disable remote access capabilities, and to make it harder to get information from shared ports, like an audio jack which was proven vulnerable in other studies by Cyber@BGU researchers. “It seems getting IoT products to market at an attractive price is often more important than securing them properly,” he says.
Tips for IoT Product Security
With the goal of making consumers smarter about smart home device protection, BGU researchers offer a number of tips to keep IoT devices, families and businesses more secure:
- Buy IoT devices only from reputable manufacturers and vendors.
- Avoid used IoT devices. They could already have malware installed.
- Research each device online to determine if it has a default password and, if so, change it before installing.
- Use strong passwords with a minimum of 16 letters. These are hard to crack.
- Multiple devices shouldn’t share the same passwords.
- Update software regularly, which you will only get from reputable manufacturers.
- Carefully consider the benefits and risks of connecting a device to the internet.
“The increase in IoT technology popularity holds many benefits, but this surge of new, innovative and cheap devices reveals complex security and privacy challenges,” says Yael Mathov, who also participated in the research. “We hope our findings will hold manufacturers more accountable and help alert both manufacturers and consumers to the dangers inherent in the widespread use of unsecured IoT devices.”
The BGU research collaboration also includes Michael Bohadana, a researcher at Deutsche Telekom Innovation Labs@BGU and Prof. Yuval Elovici, director of Cyber@BGU, director of Deutsche Telekom Innovation Labs@BGU and a member of the BGU Department of Software and Information Systems Engineering.