Managed, a UAE based cyber security company, recently showcased how vulnerable the IoT systems and smart consumer electronics are to hacking and being breached. Managed security analysts hacked into and compromised latest brand-name smart consumer electronics, children’s games and toys, computing devices and industrial equipment.
The objective of this exercise was to raise awareness in the market about the dangers lurking in these devices and how to mitigate the risks. In the field, Managed engineers have routinely found connected devices being deployed without proper security and hardening processes.
IoT is predicted to be a multi-billion dollar wave of technology coming in over the next few years – with everyday devices being connected to each other and service providers, to make life easier. While there are certainly advantages to IoT and smart devices, they are also extremely attractive for hacking and privacy breaches.
Users need to realize that these IoT and smart devices are full-fledged computers that require the same level of patching and security management, as their regular PCs and communication devices, apart from the volume of information being sent back by the connected smart devices to the manufacturer or the service provider.
As the number of devices being deployed in the field increases, manufacturers are adding more services to generate revenue. Packet data analysis of traffic going from the devices back to the manufacturer shows very detailed information being sent back.
Managed recommends that companies and consumers should be mindful of security and privacy when deploying these new technology devices at work and in their homes. The first step is to change the default passwords for admin level to complex passwords and then update the firmware with the latest version so that the smart device can be more secure.
Users should also check the options in the setup menus to ensure that their privacy is maintained. Managed analysts however warn that selecting privacy options is still not a guarantee that user’s private information is not being sent back. Companies should also think through the security implications and if possible isolate the IoT equipment from their main corporate networks.
In January, Managed BrandHawk Alpha social media and online threat assessment service was used by a private sector organization in the UAE to gauge the level of its online brand reputation after getting complaints from its staff about receiving fraudulent emails from social media profiles that looked very genuine.
The BrandHawk system was used to collect online information about the company and the data collected was thoroughly analyzed. The core of the investigation focused on publicly available images of the senior management that were picked up from a major social media site and then cross referenced with other social media sites and image search engines – to create a full fake profile of the senior manager.