Sunday, February 22, 2015

Is your toaster a silent recruit in a 'thingbot' army?

BBC News - Is your toaster a silent recruit in a 'thingbot' army?
For example, security firm Proofpoint says in 2014 over 750,000 phishing and spam messages were sent from more than 100,000 household devices - televisions, wi-fi routers, and fridges.
A more recent example was the Lizard Squad's Christmas Day DDoS attacks on the Xbox and PlayStation networks.
They mounted the attack using hacked home wi-fi routers.
As more IoT systems come online, such attacks are likely to increase, experts warn.
In November, a Russian website compiled a list of compromised security cameras connected to the internet, including 584 in the UK.
It broadcast scenes of children watching telly, a man making tea, and an elderly woman asleep in her bed.
In most cases, the owners simply hadn't changed the default passwords that came with the systems. The site has now closed down.
If devices connect with each other locally, but never get updated, it leaves them vulnerable to hacking.
But if they connect to a central web server and are updated automatically, they could potentially intrude on our privacy, argues Mr Weaver.
"Nest is connected to Google, and it knows when you're home, it knows your habits. 
A power meter can often figure out what television channel you're watching."
"So we have this bind: we either have devices that are horribly insecure, or we have devices that are capable, and often designed to spy on the user," he says.

No comments: