Sunday, February 12, 2012
Die hard Scenario: Rise in Exploitation of Internet Connected Devices Imminent
There have been two widely publicized news reports on the exploitation of Internet connected devices. These devices were office video conferencing equipment and home video camera’s which allowed skilled individuals to turn on and monitor video and audio feeds from the Internet. There are three primary reasons for allowing such surveillance; the first was an Internet connection without use of a firewall, the second misconfiguration or use of default passwords and thirdly product vulnerabilities.
As more and more devices get connected onto the Internet, these sorts of problems will become more acute. All new devices whether they are cars or power systems are vulnerable. Going forward we must ensure that we configure these devices properly, use strong passwords and ensure these products are patched regularly.Some of these devices are not commonly used and hence normal methods of discovery and reporting of vulnerabilities do not work very well. There is a need to ensure that such products are securely tested by the product suppliers and carry a specific security certification stamp which enable users make a purchase decision. Solutions to this specific set of problems will require users to secure and securely operate increasingly interconnected home networks, which is not an easy task going by the many instances of badly secured wifi networks.
Two articles on real life incidents which highlight the severity and urgency of the risk are:Trendnet security cam flaw exposes video feeds on net