Do you know what your smart house has been up to while you were on holiday? Are you sure it didn’t join a gang and knock a country offline?
Since the early days of industrialization, humans have envisioned a future of robots, smart homes, flying cars and hoverboards. And while automation has been key in our evolution, modern AI-driven automata still struggle to get a joke. The smart home itself is still a strange concept to many, even though most of us live in one.
In 2018, the Internet of Things devices are ubiquitous – from smart and inexpensive light switches to full-fledged digital assistants that control other intelligent “things” in our houses. This half-useful, half-entertaining mix and match of technologies is fun to watch: Google Home running your schedule, compiling your shopping list and bossing around your cleaning robots sure make a nice show for your guests, especially the less tech-savvy ones.
But the deeper, darker part of the story starts when the bad guys, not your personal assistant, control your devices. These devices – increasingly ubiquitous in our homes either because we desperately want them or because we lack dumb alternatives nowadays – could open the door to outsiders. Or completely knock parts of the USA offline for hours.
See, vulnerable IoT devices pose two major threats.
The most important threat lies in their sheer number. Many times, these devices are battery powered and feature lightweight CPUs that can barely handle the tasks the IoT device has been designed to. Adding security might overcomplicate the design or increase the cost of the device. Simplified setup procedures also trade security for convenience, as the modern user runs through the installation process.
For instance, not requiring complicated passwords or not forcing the user to change the default username and password can leave them vulnerable to outsiders. Letting these devices talk directly to the internet (i.e. not firewalling them, as we do with other devices) is a feature in itself: many times, people install surveillance cameras just so they can access them from outside of the home and make sure everything is OK. If you can access them online, though, so can hackers. Using automated device discovery tools such as Shodan, hackers can mass-discover specific makes and models of vulnerable devices to toy with them individually.
And when hackers have enrolled enough devices into a botnet, they turn them against a target in a coordinated effort. It could be a bank, a hospital or a critical infrastructure, like your utilities company. The massive number of requests per second initiated by these devices can knock a host offline for hours, or days. Specialists call that a distributed denial of service attack.
The second threat is related to privacy. Most of these devices have an incredible array of sensors, ranging from microphones to cameras to “artificial noses” that pick up smoke or poisonous gases. When compromised, they become the hacker’s eyes and ears inside your home. Nobody wants to host their own version of the Truman Show in their own house, betrayed by the very devices that were supposed to protect them.
Speaking of eyes and noses, here comes physical security. Some of these devices are tasked with our well-being at home or at the office – access control, smart gas sensors, thermostats and cooking units are not your average consumer electronic toys. They are devices we trust with our physical security, and abusing them can have serious consequences (i.e. somebody turning on the oven remotely, or taking a smoke detector or gas sensor offline).
Fortunately for our smart home, security vendors and newly founded start-ups are now developing next generation security solutions to fix whatever security hole the Internet of Security devices might punch in our networks.
Some of these devices, such as the new Bitdefender BOX, go way beyond the smart firewall approach. BOX features artificial intelligence capabilities that can detect exploitation attacks against the interconnected devices in your household and spot existing vulnerabilities in devices you might have bought a while ago. Bitdefender BOX blends convenient device management with 360-degree visibility and security to make sure all the devices – from smart switches hidden behind walls to your gorgeous gaming PC in the living room – enjoy the same level of protection and care.
The second generation of Bitdefender BOX is built with more than 6 years of experience in IoT security. Device management, vulnerability assessment and state-of-the art parental assistance technologies put you in control of both device and physical security, regardless of operating system, hardware or platform.