Within five minutes of a smart device going online, hackers will try to gain access by using well-known factory setting passwords and usernames. Even devices that have been updated, where a buyer sets up new credentials immediately, may be hacked because of security vulnerabilities built into the security camera, virtual assistant, thermostat or other product.
NetScout, a cybersecurity firm, tracked attempted attacks on its own honeypots — digital lures that are set up to try and attract hackers. The company saw attacks double in size between December 2018 and January 2019 — up 218 percent – according to its new report, “IoT Exploits: Around the World in 120 Days.”
“Alarmingly, users now have less than 5 minutes from the point of install to change the factory settings of their Internet-connected cameras, virtual assistants, thermostats, door entry systems and other digital equipment before they are probed to see if access is possible using default passwords and in just hours those devices are probed for known security flaws,” said Matt Bing, NetScout’s senior security analyst.
Some of the so-called vulnerabilities, the weak points on a device that could allow a hacker to gain control, are not even new, with one known nearly four years ago, stated NetScout. The most popular attack over the past four months came from an exploit that was publicly known about back in April 2015, and is connected to attacks from the Satori and JenX botnets, the company said on its blog. Most of the malware was actually “a Mirai variant,” they said.
Hacking attempts start within the first five minutes a smart device is connected
While hacks can be as widespread as the Mirai virus, which turned smart devices infected with its code into a zombie botnet army, they can also be done to single devices. Consider the attack on a single fish tank’s thermostat in a Las Vegas casino that helped hackers then gain access to a wider online network in 2018. Or Nest security camera hack that sent one Californian family into a panic when they were told a missile attack was on its way. (It wasn’t.)
NetScout believes even if buyers take all the best steps — changing passwords for example — they really can’t bear the burden of trying to stop hackers, a sentiment other cyber security experts have echoed in the past.
While changing default passwords are always a good idea, smart devices and apps can contain security flaws, and back doors, that make it difficult for the basic consumer to ever completely lock-down their connected products.
One reason smart home brands, besides updating — and testing — their own software regularly and educating their consumers on best security practices, may need to work together to keep their products doing what they’re designed to do, and not be an open door for hackers.
Biometrics Coming To Secure IoT – GearBrain