The highly touted benefits of managing your lights, garage door and coffee maker from your smartphone are no exaggeration. But they are also increasingly making the average home more vulnerable to those interested in stealing codes, data and access to your online financial wealth - to say nothing of neutering your home alarm system. They may also use your devices to mask their hacks on others.
The problem is that we have become enamored of gee-whiz technological power whose utility is less essential than magical. And there is nothing wrong with that. In fact, the common uses may spur further advances that could have significant impact on our lives. But in the meantime, those whose intent is less pure are finding this fascination quite useful to them. And the current anti-government regulation mood makes it more difficult for those concerned with security, even if privately employed, to offer better protection.
There is a point at which the liberating effect of convenience collides with the common sensical need to think more carefully about the practical impact of such trends on our real, tangible lives. And that point appears to be here. JL
David Goldman reports in CNN:
If the Jetsons were real, they probably would have gotten hacked a lot. In the classic 1960s animated sitcom, everything in the space-age family's home was networked and could be controlled by the press of a button on a remote control.
That fantasy is becoming a reality. New technology allows practically everything in your home -- from your door locks to your thermostat to your TV -- to be controlled by an Internet-connected device like a smartphone.
Unsurprisingly, many of those cutting-edge devices are filled with holes that cyberattackers can exploit.
In a briefing at the Black Hat cybersecurity conference in Las Vegas on Wednesday, security researcher Collin Mulliner showed just how easily hackers can tap into "smart home" gadgets when they're connected to mobile networks.
By scouring through a European database of registered devices on the mobile Internet, and with just a small amount of hacking, Mulliner was able to crack hundreds of home automation hubs, smart electric meter control units, and in-home security cameras.
Mulliner didn't need to break out many advanced geek skills. For example, a quick Google search revealed that one brand of popular smart meter device had a default password of 1234. Since they're typically installed by the electric company, few homeowners change it.
"This should be a wake-up call," said Mulliner. "It would be very easy to build a smart meter botnet that could shut off the lights in an entire neighborhood."
Many of the devices that turn people's houses into the Jetsons' home are still experimental -- but they're hardly the only connected gizmos that were easy to hack over the mobile networks.
If you've ever read a SkyMall magazine on an airplane, you're probably familiar with GPS tracking units that paranoid parents can stick in their teenager's car to monitor where they go.
If you can track your kid, others probably can too.
Hundreds of those devices popped up in Mulliner's scan, and few were secured in any way. Some of the units offered menu options when he tapped into them, asking if he wanted the latest location data. He didn't even need to identify himself, let alone enter a password. A hacker who can track down the IP address and a few other device specs will get access to a detailed rundown of the driver's travels.
And then there were the thousands of jailbroken iPhones that showed up in Mulliner's scan. Without some of Apple's (AAPL, Fortune 500) built-in security mechanisms, jailbroken iPhones are inherently less secure than ones that haven't been tinkered with.
"Jailbroken iPhones are a hazard waiting to happen," he said. "It's easy to perform SMS and call fraud, and soon, someone's going to steal a bunch of private data."
In 2009, Australian jailbroken iPhones were hit with a worm known as "ikee," which was more of a prank than a real threat: It replaced the phone's wallpaper with a photo of 1980's pop singer Rick Astley and a message: "ikee is never going to give you up."
Futuristic technologies offers a lot of convenience -- everything from managing your home and electricity with your smartphone to freeing your iPhone from Apple's chains. But with every advance comes new vulnerabilities that cyberattackers are just waiting to pounce on.
0 comments:
Post a Comment