On Quartz they demonstrated how it is possible to take access to the entire home Wi-Fi Network starting from a simple coffee machine connected to the Internet
Let's start with one fact: by 2020, according to experts, about 13.5 billion "objects" will be connected to the Internet. This will radically change our habits at work and at home. But as we have said many times the Internet of Things could endanger our security and with our privacy.
The vulnerability of smart objects always connected to the Internet has recently been demonstrated several times due to a series of denial of service attacks. DDoS attacks have brought down several popular platforms such as Netflix, Twitter, Pinterest and Spotify. According to experts, most of these attacks are handled with Mirai, a malware that turns computer systems into remotely controllable botnets. Mirai works by constantly scanning accessible IoT devices, such as security cameras or home routers. From there it takes control of the server by logging in via the device's default username and password, then turns the devices into infected bots.
Hacking the coffee machine
On the Quartz website to test the vulnerability of IoT objects they tried infecting their smart coffee machine, meaning connected to the Wi-Fi network. Why try with this machine? Because it is among the easiest to infect for hackers and gives evidence that if cyber criminals wanted they could gain access to most Internet of Things objects. Inizialmente su Quartz hanno modificato le impostazioni dell’app della macchinetta, sono riusciti così a prendere accesso della macchina per il caffè direttamente da computer, senza dover usare l’applicazione creata per smartphone per attivare la preparazione del caffè. Preso l’accesso alla macchina connessa sono riusciti a prendere accesso a tutta la rete Wi-Fi di casa. Ed è questo l’aspetto più preoccupante.
I produttori e la sicurezza IoT
Fonte foto: Shutterstock
Clicca sull’immagine per scoprire come mettere al sicuro i propri oggetti smart
Mentre la maggior parte dei produttori di dispositivi IoT non ha ancora trovato, o cercato, le soluzioni per rispondere a questo campanello d’allarme, le agenzie governative stanno intensificando la prevenzione . Given the recent DDoS attacks, the Department of Homeland Security (DHS) and the National Institute of Standards and Technology (NIST) in the U.S. have released documents that provide recommendations for companies and individuals that are useful for security when using connected objects. The document compiled by DHS includes six strategic principles aimed at providing guidance for developers, service providers and ultimately consumers. NIST provides a more detailed list of recommendations for manufacturers and developers looking to design more secure IoT products. Smart object security needs to become a core principle; infecting a thermostat may seem like small stuff, but instead it can cause problems on a grand scale.