Tag Archive for: smart

Hack raises security questions over Google smart speakers

/in


It’s always there. Always listening.

Having a device like Google Home inside our house is pretty standard these days. From setting alarms to playing our favourite song using a simple voice command, the technology certainly comes in handy.

But have you ever felt uneasy about those always-active microphones?

Can we be sure our privacy is not being compromised?

IT professional and security researcher Matt Kunze was  messing around with Google Home one day when he made a concerning discovery.

In his blog, Kunze says “I noticed how easy it was to add new users to the device from the Google Home app. I also noticed that linking your account to the device gives you a surprising amount of control over it.”

Kunze was determined to find out if it was possible for an attacker to link their own Google account to someone’s Google Home and execute commands remotely on someone else’s network.

The result? Kunze, alarmingly, was able to turn his Google Home Mini into what could basically be described as a listening device.

Kunze says he was recently rewarded a total of $107,500 by Google for responsibly disclosing security issues in the Google Home smart speaker that allowed an attacker within wireless proximity to install a ‘backdoor’ account on the device, enabling them to send commands to it remotely over the internet,  access its microphone feed, and make arbitrary HTTP requests.

Using tools like man-in-the-middle proxy (mitmproxy) enabled Kunze to observe traffic between the Google Home application on a smartphone and the Google Home device.

From there, he discovered that a Google account could be linked to the device by sourcing its information via a local API, and then sending a request to Google’s servers with information to link it.

Kunze wrote a Python script that takes Google credentials and an IP address and then links the Google account to the device at the given IP address.

Kunze then tried to think from the perspective of an attacker.

“Just how much control over the device does a linked account gives you, and what are some potential attack scenarios? I first targeted the routines feature, which allows you to execute voice commands on the device remotely. Doing some more…

Source…

Hackers see common smart home devices as a way into homes

/in


Hackers are trying to access your information every day. One of the biggest vulnerabilities might be your smart home devices.

“Once people have broken into a single device, then typically what they will do is what we call pivot, so they own, if you will, a particular device,” said Steve Beaty, a computer security expert and professor of computer science at the Metropolitan State University of Denver.

“And now, all of a sudden, they’re inside and most of our devices then trust the networks that they’re on,” Beaty said.

He mentioned an example from 2017, where hackers were able to hack into a high-tech fish tank at a casino. From there, they were able to steal more important data from that casino.

This has been happening for years, but it’s getting more common especially as we add more smart devices to our homes, including doorbells, baby monitors, and thermostats.

Hackers can break in and steal passwords or important information, but they can also control anything you have on the network, like a garage door opener for example.

“Maybe they can disarm your security system,” Beaty said. “As the Internet of things has grown, and we have more and more and more devices out there, then we have more vulnerabilities.”

How can you prevent this from happening to you?

First, keep device software up to date.

“Change the default password on all of your devices,” Beaty said.

You can also install antivirus software or use multi-factor authentication on some devices. And in some cases, it might be time for a new upgrade all together.

“I would say specifically webcams, including things like baby monitors, newer is better,” Beaty said.

Source…

On Your Side: Prevent hack attacks on your ‘smart home’ devices

/in


On Your Side: Prevent ‘smart home’ hack attacks


On Your Side: Prevent ‘smart home’ hack attacks

02:11

“Smart homes” sure can make life easier, but they also open you up to hackers. One recent study found that smart homes can experience up to 12,000 hack attempts per week. And most people don’t even know it’s happening.

From smart TVs to baby monitors, even smart appliances and lightbulbs, anything in your house that connects to wi-fi is prone to hacks.

So what if someone hacks my stove? Well, they could turn it on and start a house fire. Or if you have a baby monitor, they could be watching your child, or watch you to study your habits to see when you come and go.

“These devices also can be an entrance point into other devices on your home network,” said Harald Remmert, chief technology officer, Digi International. “So your stove could be the entry point into your router and then eventually into your work laptop.”

So what can you do to hack-proof these smart devices?

  • You need a strong and unique password. Never use the default password or username. And make sure you don’t share passwords across devices.
  • Make sure your device has upgraded software. If you have an old smart device and you haven’t had a software update in quite some time, it may be time to get a new one.
  • A quality router with a good firewall that can detect and prevent attacks is worth the money.
  • And it’s very important to have security software on your computer to let you know if there is unusual activity.

Kristine Lazar


kristine-lazaar-1200x800-2018.jpg

Kristine Lazar is an Emmy Award-winning investigative reporter for CBS2 and KCAL9 News. Kristine graduated Phi Beta Kappa from UC Berkeley, after growing up by the beach in San Diego.

Source…

Why British homes are at risk from ‘Trojan Horse’ smart devices

/in


Hikvision has called concerns about its technology “unsubstantiated” and a “knee jerk reaction”.

There are concerns that China’s dominance of technology runs deeper than just consumer gadgets.

Ministers previously ordered telecoms companies to strip technology made by China’s Huawei from mobile and broadband networks by 2027, amid concerns it represented a national security risk, something the company always denied.

Three Chinese companies, Quectel, Fibocom and China Mobile, make up roughly half of global shipments of IoT cellular modules, according to data from Counterpoint Research. While these historically only processed tiny packets of data over 2G networks, increasingly they are picking up and transmitting more information over 4G and 5G mobile networks.

The proliferation of these IoT modules means that bugs or backdoors, whether left in by design or by accident, are a risk. Concerns have only mounted after a concealed tracking device was found in a government car, believed to have been planted in a part imported from China, the i reported.

Under Chinese law, the CCP can compel companies to aid intelligence gathering operations and provide customer data.

Parton has gone as far as to call for a ban on the sale and installation of new Chinese IOT kits that connect to cellular networks.  

Parton, the former diplomat, who now works for the consultancy OODA, writes in a report sent to government officials: “[Chinese Communist Party] policy documents show the strategic importance of IOT technology to the party.

“In line with CCP industrial policy to promote global champions in new industries, IOT companies have benefited from the creation of a domestic market which excludes international competition.”

For now, the main risk presented by IOT technology appears to be weak security practices and cheap, hackable gadgets. But as China’s dominance continues to grow, a more strategic threat could be emerging.

A government spokesman said: “We are legislating to protect consumers’ connected devices, such as smartphones, TVs, speakers and routers, through new laws to strengthen their privacy and security.”

“It will ban sales in the UK of smart…

Source…