Nav: Home

Off-the-shelf smart devices found easy to hack

March 13, 2018

BEER-SHEVA, Israel...March 13, 2018 - Off-the-shelf devices that include baby monitors, home security cameras, doorbells, and thermostats were easily co-opted by cyber researchers at Ben-Gurion University of the Negev (BGU). As part of their ongoing research into detecting vulnerabilities of devices and networks expanding in the smart home and Internet of Things (IoT), the researchers disassembled and reverse engineered many common devices and quickly uncovered serious security issues.

"It is truly frightening how easily a criminal, voyeur or pedophile can take over these devices," says Dr. Yossi Oren, a senior lecturer in BGU's Department of Software and Information Systems Engineering and head of the Implementation Security and Side-Channel Attacks Lab at Cyber@BGU. "Using these devices in our lab, we were able to play loud music through a baby monitor, turn off a thermostat and turn on a camera remotely, much to the concern of our researchers who themselves use these products."

"It only took 30 minutes to find passwords for most of the devices and some of them were found only through a Google search of the brand," says Omer Shwartz, a Ph.D. student and member of Dr. Oren's lab. "Once hackers can access an IoT device, like a camera, they can create an entire network of these camera models controlled remotely."

The BGU researchers discovered several ways hackers can take advantage of poorly secured devices. They discovered that similar products under different brands share the same common default passwords. Consumers and businesses rarely change device passwords when purchased so they could be operating infected with malicious code for years.

They were also able to logon to entire Wi-Fi networks simply be retrieving the password stored in a device to gain network access.

Dr. Oren urges manufacturers to stop using easy, hard-coded passwords, to disable remote access capabilities, and to make it harder to get information from shared ports, like an audio jack which was proven vulnerable in other studies by Cyber@BGU researchers. "It seems getting IoT products to market at an attractive price is often more important than securing them properly," he says.

Tips for IoT Product Security

With the goal of making consumers smarter about smart home device protection, BGU researchers offer a number of tips to keep IoT devices, families and businesses more secure:
    1. Buy IoT devices only from reputable manufacturers and vendors.

    2. Avoid used IoT devices. They could already have malware installed.

    3. Research each device online to determine if it has a default password and if so change before installing.

    4. Use strong passwords with a minimum of 16 letters. These are hard to crack.

    5. Multiple devices shouldn't share the same passwords.

    6. Update software regularly which you will only get from reputable manufacturers.

    7. Carefully consider the benefits and risks of connecting a device to the internet.

"The increase in IoT technology popularity holds many benefits, but this surge of new, innovative and cheap devices reveals complex security and privacy challenges," says Yael Mathov, who also participated in the research. "We hope our findings will hold manufacturers more accountable and help alert both manufacturers and consumers to the dangers inherent in the widespread use of unsecured IoT devices."
-end-
Click here to access the paper.

The BGU research collaboration also includes Michael Bohadana, a researcher at Deutsche Telekom Innovation Labs@BGU and Prof. Yuval Elovici, director of Cyber@BGU, director of Deutsche Telekom Innovation Labs@BGU and a member of the BGU Department of Software and Information Systems Engineering.

American Associates, Ben-Gurion University of the Negev

American Associates, Ben-Gurion University of the Negev (AABGU) plays a vital role in sustaining David Ben-Gurion's vision: creating a world-class institution of education and research in the Israeli desert, nurturing the Negev community and sharing the University's expertise locally and around the globe. As Ben-Gurion University of the Negev (BGU) looks ahead to turning 50 in 2020, AABGU imagines a future that goes beyond the walls of academia. It is a future where BGU invents a new world and inspires a vision for a stronger Israel and its next generation of leaders. Together with supporters, AABGU will help the University foster excellence in teaching, research and outreach to the communities of the Negev for the next 50 years and beyond. Visit vision.aabgu.org to learn more.

AABGU, headquartered in Manhattan, has nine regional offices throughout the United States. For more information visit https://aabgu.org/.

American Associates, Ben-Gurion University of the Negev

Related Consumers Articles:

What's in a name? For young Chinese consumers, it's about culture mixing
Younger, more cosmopolitan Chinese consumers tend to favor brand translations that keep both the sound and the meaning of the original name, says U. of I. business professor and branding expert Carlos J.
Why do consumers participate in 'green' programs?
From recycling to reusing hotel towels, consumers who participate in a company's 'green' program are more satisfied with its service, finds a new study co-led by a Michigan State University researcher.
Consumers care about carbon footprint
How much do consumers care about the carbon footprint of the products they buy?
Consumers have huge environmental impact
You won't make big cuts in your environmental impact by taking shorter showers or turning out the lights.
Consumers' preferences for foliage plant attributes
Experiments investigated the effect of plant attributes on consumers' likelihood of purchasing indoor foliage plants.
New study finds adult fresh pear consumers had a lower body weight than non-pear consumers
The epidemiologic study, led by Carol O'Neil of the Louisiana State University Agricultural Center, used a nationally representative analytic sample to examine the association of fresh pear consumption with nutrient intake, nutrient adequacy, diet quality, and cardiovascular risk factors in adults.
How much do consumers know about new sunscreen labels?
Sunscreen labels may still be confusing to consumers, with only 43 percent of those surveyed understanding the definition of the sun protection factor value, according to the results of a small study published in a research letter online by JAMA Dermatology.
Saving money: Do consumers spend less if they think about the future?
Why is it so hard for consumers to save money?
When are consumers more likely to rely on feelings to make decisions?
Why do some consumers make choices based on their feelings instead of rational assessments?
How are ordinary consumers transforming the fashion business?
One of the most important shifts of the 21st century is the ability of consumers to participate in markets they love such as music and fashion.

Related Consumers Reading:

Consumers
by Godspeed Publishing

Consumer Behavior: Buying, Having, and Being (12th Edition)
by Michael R. Solomon (Author)

Consumer Behavior: Buying, Having, and Being (11th Edition)
by Michael R. Solomon (Author)

Consumer Behavior: Building Marketing Strategy
by David L Mothersbaugh Associate Professor of Marketing (Author), Delbert I Hawkins Dr (Author)

Consumer Behavior
by Wayne D. Hoyer (Author), Deborah J. MacInnis (Author), Rik Pieters (Author)

Consumer Behavior
by Wayne D. Hoyer (Author), Deborah J. MacInnis (Author), Rik Pieters (Author)

Consumer Behavior: Building Marketing Strategy, 12th Edition
by Delbert Hawkins (Author), David Mothersbaugh (Author)

Consumer Mathematics student workbook
by AGS Secondary (Author)

A Consumers' Republic: The Politics of Mass Consumption in Postwar America
by Lizabeth Cohen (Author)

Consumer Behavior (11th Edition)
by Leon G. Schiffman (Author), Joseph Wisenblit (Author)

Best Science Podcasts 2018

We have hand picked the best science podcasts for 2018. Sit back and enjoy new science podcasts updated daily from your favorite science news services and scientists.
Now Playing: TED Radio Hour

Dying Well
Is there a way to talk about death candidly, without fear ... and even with humor? How can we best prepare for it with those we love? This hour, TED speakers explore the beauty of life ... and death. Guests include lawyer Jason Rosenthal, humorist Emily Levine, banker and travel blogger Michelle Knox, mortician Caitlin Doughty, and entrepreneur Lux Narayan.
Now Playing: Science for the People

#491 Frankenstein LIVES
Two hundred years ago, Mary Shelley gave us a legendary monster, shaping science fiction for good. Thanks to her, the name of Frankenstein is now famous world-wide. But who was the real monster here? The creation? Or the scientist that put him together? Tune in to a live show from Dragon Con 2018 in Atlanta, as we breakdown the science of Frankenstein, complete with grave robbing and rivers of maggots. Featuring Tina Saey, Lucas Hernandez, Travor Valle, and Nancy Miorelli. Moderated by our own Bethany Brookshire. Related links: Scientists successfully transplant lab-grown lungs into pigs, by Maria Temming on Science...