Rise of the hardware hackers

Posted on

Corroded lock on barn doorA series of high-profile hacks has brought more attention to security concerns of connected devices.

But how vulnerable is our hardware and how are the risks evolving?

Everyday, everybody uses technology that enhances their lives in some small way.

And the number of internet-connected devices is getting bigger every day as more individuals and companies realise the benefits of connecting their information.

Today, connected devices range from smart doorbells and kettles to children’s toys and hardware in critical industries like energy, healthcare and manufacturing.

But these connected devices also present a minefield of security problems and pitfalls. For businesses, this could mean that important systems fail, data can be lost or stolen and much more.

Even if you are protected by internet security systems, connected devices can provide a backdoor into your information systems.

Hotel doors hacked

One recent high profile hack centres on a vulnerability in an electronic hotel door lock. This weakness was exposed by hackers to create a master key, capable of opening any hotel door without registering in the activity log.

Ethical hackers F-Secure were contracted by Swedish lock maker to find weaknesses in their system. The hackers spent 12 years creating their master key.

F-Secure’s Tomi Tuominen and Timo Hirvonen, who carried out the work, said they created the key “basically out of thin air.”

A spokesperson for the lock manufacturer said: “Digital devices and software of all kinds, are vulnerable to hacking. However, it would take a big team of skilled specialists years to try to repeat this.”

Casino aquarium fished

Another recent hack involved an internet-connected fish tank at a large unnamed casino.

Although the casino’s IT network was well protected by firewalls and anti-virus software the large fish-tank, which was monitored by a central computer, provided a back door into the system.

Criminals who were trying to access bank details for some of the casino’s wealthiest gamblers used this back door to access the casino network.

Fortunately, Darktrace, a cyber security company spotted the breach in good time to stop the criminals.

Unprotected routers and internet connected teddy bears have also been subject to online attacks in recent months.

What to do about the threat

Unsecured devices are a growing concern for governments, spies and IT professionals tasked with protecting their companies from cyber-attack.

In a survey of IT professionals, 62% reported that they were concerned about connected device threats with IoT devices at the top of the list.

Online security was one of the key themes at this year’s Mobile World Congress in Barcelona. Connected technology featured heavily at the trade show with smart tech solutions including a passenger drone and the next-generation of smart city technology.

One particularly promising session centred on how blockchain could help secure the IoT devices of the future. The digital ledger that supports cryptocurrencies like Bitcoin automatically stores information in multiple places.

It can also be used to reduce the risk of IoT devices being put at risk by a security breach at a single point. Because blockchain is decentralised, it gets rid of any central authority over IoT networks, improving protection.

They could potentially stop or alert the user if asked to carry out tasks that appear unusual, such as if they are commandeered by hackers or used to carry out a Distributed Denial of Service attack.

Darktrace, the company responsible for stopping the casino fish tank hack use artificial intelligence systems to identify issues cyber vulnerabilities before they become a problem.

To try and improve standards in connected devices, the British Standards Institution (BSI) has introduced a new kitemark for internet of things devices (IoT) devices to help customers make better choices about trusted services.

The scheme was proposed as part of a wide-ranging review of IoT security by the National Cyber Security Centre (NCSC).

It includes three categories of kitemark depending on what the device is used for. Kitemarks can either be residential, commercial or enhanced. The enhanced kitemarks are for products intended for use in high-value or high-risk applications at home or in commercial settings.

Tags: , , , , , ,