Home / News / Security researchers from North Carolina found out, that “smart home” is easy to fool

Security researchers from North Carolina found out, that “smart home” is easy to fool

Vulnerabilities in security systems from “smart house” allow attackers with users’ notification switch off alarms and security warnings.

IoT – devices are rapidly gaining popularity, and is expected that they will make their input in ensuring our security. Quite possible that expectation are illusory.

“We discovered in IoT –devices common vulnerabilities that allow disabling notifications and other security service” – reports professor of computer science from University of North Carolina William Enck.

Enck with colleges studied devices for “smart house” and found a series of errors that were made during the design.

“Essentially, devices are developed with consideration that wireless connection is safe and works without crashing. However, it is not always so” – noted Enck’s college Bradley Reaves.

As say researchers, if intruder hacks home router (or he knowns a password), he can upload malware programs that will block invasion sensors.

Malware enables devices repeating heatbeat-signals and by this demonstrate that they are connected to network and function. In other words, system shows that it is in a working state though it does not perform its functions.

Such attacks are possible, as heartbeat-signals of many IoT-devices is easily to distract from other signals.

“Attackers may blind devices and confuse their state by selectivelysuppressing device telemetry (i.e., data collected and transmittedto the cloud). Telemetry may be classied into channels for eachsource of data”, — informs Encks.

For resolving this issue, IoT-device producers should make heartbeat-signals inseparable from the rest of others. In such case, malware will not be able to detect them and suppress signals about invasion only.

Heartbeat-signal — is a periodic signal that generated by hardware or software for identification of normal work or synchronizing with other parts of computer system. Usually heartbeat-signal sent in equal intervals every several seconds.

Source: https://enck.org

[Total: 0    Average: 0/5]

About Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Check Also

Researchers developed a method for intercepting data from smartphone speakers

Researchers developed a method for intercepting data from smartphone speakers

Security experts from the University of Alabama at Birmingham and Rutgers University demonstrated a third-party …

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.