The Federal Bureau of Investigation (FBI) has issued a strong warning to home and business owners about the security risks of using non-branded and off-market Internet of Things (IoT) devices.
All these gadgets – from smart TVs, smart kettles, digital picture frames, and digital projectors to aftermarket vehicle infotainment systems and so on – are becoming juicy targets for hackers looking to weaken home networks for malicious purposes.
The FBI Internet Crime Complaint Center (IC3) just issued a Public Service Announcement on how these devices are being added to botnets on a broad scale, in particular within the “BadBox 2.0” project.
This stealthy malware routinely gets loaded onto devices as bloatware, or during first-time setup when a user downloads seemingly benign apps from non-official markets.
And once infected, such IoT devices unwittingly become part of a much larger network of hacked “residential proxies,” which fraudsters can hide behind to avoid detection while carrying out a wide range of malicious online activities.
According to the bureau, many of these vulnerable devices are produced by companies in China. The central issue is that these pieces of hardware, in their cheapest incarnations, are typically made with security as a distant concern, and may ship with little to no encryption, rotting firmware that is never updated, and default passwords that can be easily guessed.
Such vulnerabilities open the door for attackers to infiltrate home networks without authorization, potentially compromising personal information, privacy, and even physical safety if smart home controls are compromised.
The public is encouraged to be vigilant regarding IoT device security and to take certain steps to protect these devices. The recommendations include checking all networked IoT devices for evidence of compromise, such as requests to disable their security features or the discovery of a suspicious app marketplace, and disconnecting any suspect devices from the network; installing available manufacturer patches to mitigate known vulnerabilities that could be exploited; and avoiding side-loading or downloading apps from unofficial sources.
In addition, consumers are encouraged to update any default passwords to strong, unique combinations, consider segmenting their home network to separate IoT devices into their own device group, and leverage multi-factor authentication where available.
“By implementing these important security measures, everyone can reduce the risk of falling victim to these growing cyber threats and safeguard their digital and physical homes.”