Security researchers at Kaspersky have decided to have a look at IoT-enabled devices and their lack of security measures.
Sourced through Scoop.it from: spd.rss.ac
Security researchers at Kaspersky have decided to have a look at IoT-enabled devices and their lack of security measures. The results of their experiment, yet again, confirms that Internet of Things devices still lack the proper security measures even today, after years during which many cyber-security vendors have griped about their vulnerabilities. In their most recent experiment, Kaspersky chose four random IoT devices, which they’ve meticulously analyzed for any security flaws. The results are a little worrying since all the flaws can be chained together and provide criminals with an attack scenario they can follow and gain access to so-called “smart-homes.” – Google Chromecast (USB TV dongle for video streaming)
The first step in such kind of attacks can occur when utilizing the famous “rickrolling” vulnerability in Google Chromecast devices that allows attackers to hijack the content shown on a smart TV.
This can be useful for displaying error messages that fool the user into believing he needs to change his Wi-Fi password or reset the local wireless router to factory default settings, which can easily be leveraged by attackers. Smart coffee maker (controlled via a smartphone app) Kaspersky researchers also identified a smart coffee maker device that can expose the user’s Wi-Fi password.
Kaspersky declined to name the coffee machine’s make and model since the vulnerability has not been patched yet. As you can imagine, getting hold of a target’s Wi-Fi password can grant criminals access to a person’s entire portfolio of IoT devices, since all work and use the home’s Wi-Fi network.