Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

8/27/2014
12:00 PM
David Jacoby
David Jacoby
Commentary
Connect Directly
Twitter
RSS
E-Mail vvv
50%
50%

How I Hacked My Home, IoT Style

It didn't take long to find a score of vulnerabilities in my home entertainment, gaming, and network storage systems.

Very often new terms get over-hyped in the IT security industry. Today, as we all look to find out more about the Internet of Things, the typical residence can easily have five devices connected to a home network that aren't computers, tablets, or cellphones. As users in this connected environment, we need to ask ourselves "What's the current threat level?" and "How vulnerable am I?"

Most people know what a computer virus is, that we should have strong passwords, and that it's important to install the latest security patches. But many of us (even those with an IT-security mindset) still focus primarily on protecting our traditional endpoints and forget that there are other devices connected to our networks.

For this reason, I decided to conduct research that would identify how easy it would be to hack my own home. Are the devices connected to my network vulnerable? What could an attacker actually do if these devices were compromised? Is my home hackable? I determined to look for real, practical, and relevant attack vectors to see whether it was.

During my research I focused on all the "other" devices I have connected to my home network: a smart TV, satellite receiver, DVD/Blu-ray player, network storage devices, and gaming consoles. Before I started, I was pretty sure that my home was pretty secure. I mean, I've been working in the security industry for over 15 years, and I'm quite paranoid when it comes to such things as security patches.

As I started my research, it didn’t take long to figure out just how easy it was to find vulnerabilities in all of the systems. I managed to find 14 vulnerabilities in the network attached storage, one vulnerability in the Smart TV, and several potentially hidden remote control functions in the router.

The most severe vulnerabilities were found in the network-attached storage, several that would allow an attacker to remotely execute system commands with the highest administrative privileges. The tested devices also had weak default passwords; lots of configuration files had the wrong permissions; and they also contained passwords in plain text.

When I investigated the security level of the smart TV I discovered that no encryption was used in communication between the TV and the TV vendor’s servers. I was able to replace an icon of the Smart TV graphic interface with a picture, showing the potential for a man-in-the-middle style of attack. 

The DSL router used to provide wireless Internet access for all other home devices contained several hidden dangerous features that could potentially provide the Internet service provider remote access to any device in my private network. The results were shocking, to say the least.

What I found from my research is that we need to assume that our devices can be, or are already, compromised by attackers who can gain access to them. This applies to consumers as well as companies. We need to understand that everything we connect to the network might be a stepping stone for an attacker.

We also need to understand that our information is not secure just because we have a strong password or are running some protection against malicious code. It took me less than 20 minutes to find and verify extremely serious vulnerabilities in a device considered to be secure.

As a community, we need to come up with alternative solutions that can help individuals and companies improve their security. Even though the home entertainment industry might not be focused on security, with just a few simple tips we can all raise the security level a little bit higher. As a side note, all vulnerabilities have been reported to the respective vendors, and they're working on solutions for these products.

Click here for more details on David’s research.

David is a Senior Security Researcher for Kaspersky Lab, with 15 years of experience working in the IT security field. He is responsible for not only research but also technical PR activities in the Nordic and Benelux regions where his tasks often include vulnerability and ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
<<   <   Page 2 / 2
Cybdiver
100%
0%
Cybdiver,
User Rank: Apprentice
8/28/2014 | 4:22:48 PM
Re: Assessment Tools
I went through the same drama at home, and then went and invested in a firewall appliance.  It cost a few bucks but much more secure than the NAT from a DSL modem or router.  Articals like these are always good reminders to check our networks. 

The sad truth is many manufacturers are so eager to give us online this or that they forget or ignore security concerns to get their products working or just out to market.  I went through this with of all companies Microsoft and an Xbox.  It's quite a gymnastic task getting the right ports open so you can communicate with their servers.  This holds true for items like a streaming media player.  Since I don't want manufacturers snooping around my network I finally tossed much of that stuff into a DMZ and monitored it for outbound traffic when I wasn't using it.   A sub 500 dollar firewall might seem like alot of money just think of the cost of having someone steal or delete your stuff.  No network is truly safe these days but at least you can send the majority looking for easier pray.  I especially recommend a firewall for even the smallest of businesses.  Now if I could only convince people that yes the first password I will try when hacking your system is "Password".
davidjacoby
50%
50%
davidjacoby,
User Rank: Author
8/29/2014 | 7:18:55 AM
Re: Assessment Tools
Hi Cybdiver,

 

Just a small note, event that these devices where located on my local network, i could trigger the vulnerabilities remotely by a simple JavaScript. When any "real" device, such as a laptop, visisted my malicious website, the vulnerabilities in the storage device was triggered, and i would access the local area network again.


Once again, i think one of the best options here, is to restrict access to the Internet for the devices.
davidjacoby
50%
50%
davidjacoby,
User Rank: Author
8/29/2014 | 7:20:20 AM
Re: Assessment Tools
Hola Kelly,

Ill paste you the answer i gave to another user here, it applies on your question too:

Just a small note, event that these devices where located on my local network, i could trigger the vulnerabilities remotely by a simple JavaScript. When any "real" device, such as a laptop, visisted my malicious website, the vulnerabilities in the storage device was triggered, and i would access the local area network again.


Once again, i think one of the best options here, is to restrict access to the Internet for the devices.

But to develop my JavaScript i still needed some information about the local area network.
davidjacoby
50%
50%
davidjacoby,
User Rank: Author
8/29/2014 | 7:22:57 AM
Re: Assessment Tools
Hola!

Thanks for your comment and i agree that these attacks are not very popular. Thats not the point. Please read my entire article at Securelist and you will understand.

 

http://securelist.com/analysis/publications/66207/iot-how-i-hacked-my-home/
Cybdiver
50%
50%
Cybdiver,
User Rank: Apprentice
8/29/2014 | 8:19:58 AM
Re: Assessment Tools
Restricting access to the internet does not seem likely except during a test phase.   I notice that even the smallest of storage devices these days shouts out to the net checking to see if it's software is up to date.  Also many newer devices are selling home cloud solutions.

You and I are probably among the few that go to the extent of trying to lock down a network.  Most folks just plug gear in and go with it.  I've even come across that at larger companies.  Their IT staff is overloaded with just keepign the users working and printers full of ink they take a firewall install it with defaults and figure that's good enough.  I'm kinda grateful they do that. 
DarkReadingTim
50%
50%
DarkReadingTim,
User Rank: Strategist
8/29/2014 | 9:28:16 AM
Re: Assessment Tools
Curious to know how many of the techniques described here would translate to an enterprise security manager suddenly faced with managing so many non-computer devices? What will be the effects of IoT in the business?
<<   <   Page 2 / 2
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24259
PUBLISHED: 2021-05-05
The &Atilde;&cent;&acirc;&sbquo;&not;&Aring;&ldquo;Elementor Addon Elements&Atilde;&cent;&acirc;&sbquo;&not;? WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24260
PUBLISHED: 2021-05-05
The &Atilde;&cent;&acirc;&sbquo;&not;&Aring;&ldquo;Livemesh Addons for Elementor&Atilde;&cent;&acirc;&sbquo;&not;? WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24261
PUBLISHED: 2021-05-05
The &Atilde;&cent;&acirc;&sbquo;&not;&Aring;&ldquo;HT Mega &Atilde;&cent;&acirc;&sbquo;&not;&acirc;&euro;&oelig; Absolute Addons for Elementor Page Builder&Atilde;&cent;&acirc;&sbquo;&not;? WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by ...
CVE-2021-24262
PUBLISHED: 2021-05-05
The &Atilde;&cent;&acirc;&sbquo;&not;&Aring;&ldquo;WooLentor &Atilde;&cent;&acirc;&sbquo;&not;&acirc;&euro;&oelig; WooCommerce Elementor Addons + Builder&Atilde;&cent;&acirc;&sbquo;&not;? WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-priv...
CVE-2021-24263
PUBLISHED: 2021-05-05
The &Atilde;&cent;&acirc;&sbquo;&not;&Aring;&ldquo;Elementor Addons &Atilde;&cent;&acirc;&sbquo;&not;&acirc;&euro;&oelig; PowerPack Addons for Elementor&Atilde;&cent;&acirc;&sbquo;&not;? WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scriptin...