Security researchers from North Carolina found out, that “smart home” is easy to fool
Vulnerabilities in security systems from “smart house” allow attackers with users’ notification switch off alarms and security warnings.
IoT – devices are rapidly gaining popularity, and is expected that they will make their input in ensuring our security. Quite possible that expectation are illusory.“We discovered in IoT –devices common vulnerabilities that allow disabling notifications and other security service” – reports professor of computer science from University of North Carolina William Enck.
Enck with colleges studied devices for “smart house” and found a series of errors that were made during the design.
“Essentially, devices are developed with consideration that wireless connection is safe and works without crashing. However, it is not always so” – noted Enck’s college Bradley Reaves.
As say researchers, if intruder hacks home router (or he knowns a password), he can upload malware programs that will block invasion sensors.
Malware enables devices repeating heatbeat-signals and by this demonstrate that they are connected to network and function. In other words, system shows that it is in a working state though it does not perform its functions.
Such attacks are possible, as heartbeat-signals of many IoT-devices is easily to distract from other signals.
“Attackers may blind devices and confuse their state by selectivelysuppressing device telemetry (i.e., data collected and transmittedto the cloud). Telemetry may be classied into channels for eachsource of data”, — informs Encks.
For resolving this issue, IoT-device producers should make heartbeat-signals inseparable from the rest of others. In such case, malware will not be able to detect them and suppress signals about invasion only.
Source: https://enck.org