There are many stories from the Internet of Things (IoT) about how bad security is. Here are few that concentrate on a common thing people have in their homes, webcams.
The Internet of Things (IoT) is not secure. Parts of it probably are, but a lot of stuff for sale is not.
Install a $30 webcam and invite hackers onto your network? Maybe Turning a Webcam Into a Backdoor
The first story is fairly technical. But here is the 30,000 ft view of the problem.
The researchers bought a $30 webcam off of Amazon, and took it apart, and reverse engineered how it sent those images to your smartphone. Then they hacked their way in.
A more advanced camera requires a more advanced effort. Why the Internet of Things is a security nightmare
This camera is actually running Linux. So it could be more robust.
The camera that got cracked was the Motorola Focus 73, and not only did the researchers manage to get inside, but they also managed to obtain the home network’s Wi-Fi password, take full control of the camera’s movement and even redirect the video feed.
That is one reason I probably won’t be installing wireless cameras….
The camera has been updated so that this is not an issue anymore, but these cameras were sold to the general public with stupid, hard-coded passwords. (PW = 123456) No encryption running on the network. But it ups the level of insanity to maximum with this. “The credentials for the developers’ Gmail, Dropbox and FTP accounts were also there.” This tells me that security was not an issue at all. It’s not that security was a second thought. It wasn’t a 15th thought.
So what should you do if you have anything of this nature in your home or business? Set up multi-router system. It takes a minimum of 3. The short version is that all IoT devices need to be on a separate LAN from anything like a PC or smartphone that might contain personal data (banking, etc.) that you don’t want to share with malicious actors.
For the history lesson about why this needs doing, and a view to how to organize things see this week’s Security Now. (You can view online or download in various resolutions.) The relevant section on the ins and outs of TCP/IP and Ethernet starts at 1 hour and 7 minutes in.
Trust no one. Especially not the developers of IoT devices.