This Security Vulnerability Could Change An IoT Device Into A Nasty Spy
IoT has had a remarkable impact on our lives. We now have devices connected over a network that make our lives much easier and more comfortable. From smartphones to smartwatches to internet-powered doorbells, door alarms, security cameras, speakers, door locks, lights, bulbs, and baby monitors, the list is endless. However, this boon comes with a bane: miscreants can hack into these devices and, if not dealt with promptly, wreak havoc on our lives. But when can hackers prey on IoT devices? The answer is when they sniff out a security vulnerability or when we as users don’t practice healthy security habits.
We’ll get into the security habits on a user’s part later in the blog, but let’s first discuss how a security vulnerability can lead a hacker into your IoT device and then into your personal or professional life. Quite recently, a security vulnerability has hit IoT devices. This security flaw can give an attacker access to your IoT audio and video feeds and turn the device into a spying tool.
What Is This Security Vulnerability All About? How Severe Is The Security Flaw?
As per the researchers at Nozomi Networks Lab and DHS, the security flaw can let malicious attackers tamper with an IoT device. They can easily convert a given IoT device, such as a home security camera, a baby monitor, or a smart doorbell, into a spying tool. Owing to this vulnerability, they can steal crucial data or spy on video feeds as well. Apart from intruding into one’s personal life through the aforementioned channels, an attacker can even steal crucial business data, such as data related to customers, employees, or even production techniques. The security flaw is indeed very severe, so much so that the Common Vulnerability Scoring System (CVSS) rates it at 9.1/10 on a severity scale.
How Did This Security Flaw Surface?
The flaw is a supply chain bug discovered in a software component (the P2P SDK) made by ThroughTek, one of the prominent suppliers of IoT devices. The P2P SDK gives remote access to audio/video streams over the internet. The SDK is found in smart sensors, security cameras such as baby and pet monitoring cameras, doorbells, etc., and it helps a viewer gain access to audio/video streams. The flaw affects P2P SDK version 3.1.5 or before. As Nozomi has demonstrated, the older versions of the SDK allow data packets to be intercepted while in transit. A hacker can reassemble these packets into complete audio or video streams.
ThroughTek has countered this bug in version 3.3, which was released in mid-2020. The issue, though, is that quite a few devices still run the older build. Secondly, as per ThroughTek, to conduct an attack, a prospective attacker will need extensive knowledge of network sniffer tools, network security, and encryption algorithms.
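For anyone managing a fleet of such devices, the version boundaries above can be turned into a quick inventory triage. The following is an added example, not code from the article, Nozomi, or ThroughTek; the CSV layout, device names, and status labels are assumptions, and how the SDK version is read from a device is vendor-specific.

```python
import csv
import io

AFFECTED_MAX = (3, 1, 5)  # article: flaw affects version 3.1.5 or before
FIXED_MIN = (3, 3)        # article: countered in version 3.3

# Constructed sample inventory (hypothetical device names and column names).
SAMPLE_INVENTORY = """device,p2p_sdk_version
lobby-cam,3.1.5
nursery-monitor,3.1.10
front-doorbell,3.3.1.0
warehouse-cam,v2.9
dock-sensor,3.2
old-dvr,
"""

def parse_version(text):
    """Return a tuple of ints, or None if text is not a dotted numeric version."""
    text = text.strip().lstrip("vV")
    parts = text.split(".")
    if not text or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def pad(version, length):
    """Right-pad with zeros so 3.3 and 3.3.0.0 compare as equal."""
    return version + (0,) * (length - len(version))

def classify(version_text):
    version = parse_version(version_text or "")
    if version is None:
        return "unknown"      # no usable version recorded: check the device
    width = max(len(version), 3)
    v = pad(version, width)
    if v <= pad(AFFECTED_MAX, width):
        return "affected"
    if v >= pad(FIXED_MIN, width):
        return "fixed"
    return "unverified"       # between 3.1.5 and 3.3: the article does not say

def audit(inventory_csv):
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {row["device"]: classify(row["p2p_sdk_version"]) for row in rows}

if __name__ == "__main__":
    for device, status in audit(SAMPLE_INVENTORY).items():
        print(f"{device:16} {status}")
```

Note that 3.1.10 is compared numerically, so it is not mistaken for a build older than 3.1.5 the way a plain string comparison would treat it.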
We’ve Had Instances of IoT Vulnerabilities and Hacking Attacks In The Past Too
- The Mirai Botnet or Dyn Attack of 2016 – This was the largest DDoS attack on service provider Dyn, which took down considerable portions of the internet, including Netflix, Reddit, Twitter, and CNN
- As per the FBI’s latest findings, there are Smart TV manufacturers for whom security is an afterthought, and an unsecured TV can be used by a hacker not just to control your channels or volume but even to stalk you
- A researcher at the University of Texas at San Antonio claims that hackers can use infrared-enabled smart bulbs to infect other IoT devices
- Researchers unearthed bugs in a famous smart deadbolt that could allow attackers to break into homes or even unlock doors
Something To Ponder Upon
It is predicted that by 2025, there will be more than 21 billion IoT devices. That’s almost 3 times the complete population of the world. The above research is an eye-opener for developers and users alike: if attention is not paid, we can only wonder how many users will become victims of cyberattacks.