It could be a merry holiday season for hackers, with millions of new and potentially vulnerable online gadgets hitting the market.
Security experts said the vulnerabilities of Internet of Things (IoT) devices such as fitness bands, smartwatches, drones and connected appliances could be exploited as consumers adopt these products for the holiday season.
Any connected device “can be a pivot point into your network,” Intel Security Group cybersecurity and privacy director Bruce Snell said.
Although breaking into a wearable device or drone does not necessarily provide immediate value for a hacker, it can lead to a connection to a smartphone and data which is stored in the cloud, security experts said.
“These could potentially install malware that sniffs out all the passwords on your network and sends them to a remote location,” Snell said.
To make them easier to use, many consumer gadgets rely on relatively insecure connections and often require minimal use of passwords or other authentication.
Intel consumer online safety director Gary Davis said the holidays could be a vulnerable time for consumers and a time for hackers to celebrate.
“With the excitement of getting new devices, consumers often are so eager to begin using them that they do not take time to properly secure them,” he wrote.
In some cases, security can be improved by simply changing the password on the device, which might be something as simple as 1234 or 0000, but many people fail to do this.
“When you get that shiny new toy for Christmas, you want to just get it working,” security firm Digital Shadows chief executive officer Alastair Paterson said.
Paterson noted that with a blurring of lines between work and leisure time, many people take home sensitive corporate material that can then be stored in a hackable home network.
In some cases, “just by connecting it to the home Wi-Fi network, they are exposing documents to the entire Internet,” Paterson said.
The research firm Gartner earlier this month forecast that there would be 6.4 billion Internet-connected devices next year, up 30 percent from this year, and that the figure would reach 20.8 billion by 2020.
Juniper Research predicts smart toy sales are set to hit US$2.8 billion this year, adding that “vendors are likely to require third-party software expertise to avoid PR disasters caused by hackers.”
Smart home devices such as thermostats can be a gateway for hackers, a report this year by researchers at TrapX Labs said.
The researchers took apart and then used a thermostat made by Nest Labs as a point of attack for a home network and were able to track the users’ Internet surfing activity and get access to their private credentials.
Although Nest “is relatively secure,” there is a concern “that the manufacturers of IoT devices at all points in the supply chain do not seem to have the economic incentives to provide initial cybersecurity... the manufacturers involved with IoT are obsessed with cost-cutting and minimal design footprints,” the report said.
Northeastern University researchers found some smartphone fitness apps can leak passwords and location information over public Wi-Fi networks.
“Our devices really store everything about us on them; who our contacts are, our locations and enough information to identify us because each device has a unique identifier number built into it,” said computer science professor David Choffnes, who led the study, which also developed a system to detect and fix data leaks.
British security firm Pen Test Partners researchers said a similar vulnerability exists in Wi-Fi-connected kettles and coffee machines.
The devices allow users to turn the kettle on without getting up, but that also means “a hacker can drive past your house and steal your Wi-Fi key,” Pen Test’s Ken Munro wrote in a blog post last month.
“If you haven’t configured the kettle, it’s trivially easy for hackers to find your house and take over your kettle,” he wrote.
California-based security firm Veracode found vulnerabilities in many smart home hubs that control systems such as garage doors or lighting.
Cybercriminals could turn microphones on and listen to conversations or get notifications when a garage door is opened or closed, offering an opportunity to break into a given house, a Veracode study found.
A US Federal Trade Commission report highlighted the numerous risks for connected devices, while recommending that companies “build security into their devices at the outset.”
The commission also said companies “should limit the data they collect and retain and dispose of it once they no longer need it” to minimize privacy risks.