In our world of increasingly connected, always on, Internet-of-Things gadgets, security and privacy are looming concerns. The simple reality is that if your refrigerator, or television, or cable TV box can connect to the Internet, then someone on the Internet can also potentially connect to it.
A Kaspersky Labs researcher decided to move beyond theoretical security research, and actually conduct a penetration test of his own home. He discovered serious flaws and vulnerabilities that can be used by an attacker to gain access to the devices in his living room, and that should be concerning for most people because it is a real-world example of a potential attack against common technologies found in an average home.
I wrote about the exercise in a blog post:
At the Black Hat security conference in Las Vegas earlier this month, researchers demonstrated how a Nest thermostat can be hacked, to show how easily connected appliances—the household technologies that make up the Internet of Things—can be compromised. When you look beyond the demo’s hyperbolic headlines, it turns out the hack requires physical access to the Nest device, but the questions remains, “How vulnearable is IoT?”
To find out, David Jacoby, a security researcher with Kaspersky Lab, hacked his own living room.
In a blog post detailing the exercise, Jacoby describes the array of connected devices in his home. He has two different NAS (network-attached storage) units, a smart TV, satellite receiver, printer, and the router from his Internet provider. Aside from the NAS units, it’s all technology you can find in just about any house.
Jacoby identified 14 vulnerabilities just in the two NAS units, one in the smart TV, and several concerning issues with his Internet router. He found remote code execution flaws and weak passwords on the NAS devices, a potential for a man-in-the-middle attack on unencrypted traffic between the smart TV and the TV vendor’s servers, and hidden backdoors in the router designed to provide the Internet provider support personnel to remotely access any device on the private network.
You can read the full article at PCWorld: Your living room is vulnerable to cyber attacks.