Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Networking

These Are the Internet of Things Devices That Are Most Targeted By Hackers (zdnet.com) 58

ZDNet reports: Internet-connected security cameras account for almost half of the Internet of Things devices that are compromised by hackers even as homes and businesses continue to add these and other connected devices to their networks. Research from cybersecurity company SAM Seamless Network found that security cameras represent 47 percent of vulnerable devices installed on home networks.

According to the data, the average U.S. household contains 17 smart devices while European homes have an average of 14 devices connected to the network... Figures from the security firm suggest that the average device is the target of an average of five attacks per day, with midnight the most common time for attacks to be executed -- it's likely that at this time of the night, the users will be asleep and not paying attention to devices, so won't be witness to a burst of strange behavior.

The anonymous reader who submitted this story suggests a possible solution: government inspectors should examine every imported IoT device at the border.

"The device gets rejected if it has non-essential ports open, hard-coded or generic passwords, no automated patching for at least four years, etc."
This discussion has been archived. No new comments can be posted.

These Are the Internet of Things Devices That Are Most Targeted By Hackers

Comments Filter:
  • by Anonymous Coward

    How many of these devices use Linux?

    • None of them because as everyone knows Linux is invincible.

    • by gravewax ( 4772409 ) on Saturday June 15, 2019 @07:50PM (#58769578)
      The majority. Though what OS a machine runs has always been a red herring, usually mentioned by the incompetents/zealots when a vulnerability is on whatever OS they happen to hate. These devices have been built with security as an afterthought, they are poorly designed from start to finish like most cheap IoT devices, it would not matter what OS was on them they would suck at security.
      • What you've said is true.

        Also, you can implement an IP camera with just kilobytes of firmware, plus a couple MB for the bitmap and jpeg conversion. Something like ESP32-CAM. There is no need for an operating system. An OS, Linux any well-known OS, is a thousand times or more complexity than an IP camera needs.

        A big thing in security is what is called "attack surface". Somebody can't attack what isn't there. Devices with poor security allow an attacker to run shell commands.* A minimal IP camera wouldn

  • Yes, let's just hire a bunch of people to solve a problem that has an even easier solution:

    Don't use IoT devices!

    • by mindwhip ( 894744 ) on Saturday June 15, 2019 @06:27PM (#58769346)

      I call BS study. I suspect someone is padding/making up numbers for marketing and/or investment reasons.

      I'm trying to figure out where their numbers of average 17/14 smart devices come from... are they talking about any type networked devices including regular PCs, phones etc as they aren't actually what you could call IoT smart devices...? For every person I know that has smart devices I know three or four that don't have anything other than a PC and a phone so on that basis there must be people out there with 100s of devices to bring the average up. And that is not even counting older relatives that have no tech beyond a basic TV and an alarm clock. I've got an above average amount of tech in my house compared to almost everyone I know and I have 8 smart devices including lighting, thermostat, cameras etc. If you count all networked devices including PC, games consoles etc that number goes up to 15 but that's not what the article is talking about.

      • by aaarrrgggh ( 9205 ) on Saturday June 15, 2019 @07:22PM (#58769506)

        The cameras are pretty common, as are things like Roku, Sonos, smart TVs, “cloud” printers, etc. Heck, my 80-something year old mom has at least 15 networked devices I am aware of.

      • by Tuidjy ( 321055 )

        The devices that connect to my home network include two towers, two Nooks, three laptops, four cellphones, one printer, one router... and not one single IoT or spy (Alexa and her ilk) device.

        That's still 13 devices. Actually fourteen, because there is an old Apple that I have sitting on top of a bookcase, controlling my projector for when I throw disco parties... something I have not done since my daughter was born.

    • But an internet accessible toaster must be cool, right?!

      I mean, The Amityville Horror was a popular book, a popular movie, a few more movies, and then a reboot with some more movies. And that story featured a networked television. So everybody has to have a networked television, right?!

      Smart TVs are obviously evil, I say people get what they deserve.

  • by Anonymous Coward

    I don't give a rat's ass if Mary Jane Rottencrotch's IoT device gets compromised. Buyer beware. No need for another expensive government program.

  • government inspectors should examine every imported IoT device at the border

    I understand customs lack the time and/or expertise to do that: testing will takes some considerable time

  • Plz no clickwhoring titles; should read: "The most targeted IoT devices are .., .. and .."
  • by ctilsie242 ( 4841247 ) on Saturday June 15, 2019 @07:19PM (#58769500)

    I wonder why there isn't a core/edge fabric model for IoT devices. This way, devices will communicate via a hardened firewall, with preinstall manifests (so if some IoT device decides to try to send data to a site in Lower Elbonia, it will not be allowed). This way, there isn't a direct way for attackers to hit devices, and even if a device has a default password, it can't be reached from the outside.

    • by tlhIngan ( 30335 )

      I wonder why there isn't a core/edge fabric model for IoT devices. This way, devices will communicate via a hardened firewall, with preinstall manifests (so if some IoT device decides to try to send data to a site in Lower Elbonia, it will not be allowed). This way, there isn't a direct way for attackers to hit devices, and even if a device has a default password, it can't be reached from the outside.

      Because customers won't go for it. Manufacturers will love the idea - you get to sell two devices - but cust

  • telling people to wear condoms!

    Get the user to take control themselves. Time they stopped being such slaves to scammers.

    Of course, it helps if the condom isn't a ball of string that has to be knitted before use.

  • by leonbev ( 111395 ) on Saturday June 15, 2019 @09:48PM (#58769856) Journal

    Seriously, does anyone here think that our existing customs officers have the technology skills to insure that imported IoT products are properly secured?

    With the amount of training it would take to have them be able to competently check every new kind of "smart" device coming in from overseas, you would pretty much need the equivalent of a new IT department worth of tech workers at every major port of entry. Even if they get the purchase reqs open for those positions, filling them with qualified people will be even more difficult.

    This idea the OP is proposing would probably end up becoming one of the biggest new government jobs program since the creation of the TSA, and probably with similar results. Shipments will take longer to get here because of "random" screenings, legitimate orders will get blocked because the customs people won't know how to properly check them, and some poorly secured products will still get in. And when that new "IoT Security Tax" gets passed to pay for this insanity, everything will just end up costing more.

    • by Anne Thwacks ( 531696 ) on Sunday June 16, 2019 @02:16AM (#58770346)
      Or you could go the European way:

      Everything imported must comply with European legislation/standards and have a CE mark to show it does.

      You can self certify for most products (basically, AFAICR, unless life is at risk) but others required evidence of independent testing. If you get caught lying, you are in trouble.

      If you are the importer you are in big trouble. At the very least, the entire batch is destroyed and you still have to pay for it (purchase, import and destruction). You might have to recall all product shipped, and might get fined as well. Technically, retailers are also liable (but if it is CE marked, they can probably say "It was CE marked - so I believed it was OK").

      Or the American way: pay a congress-critter or two.

  • Oh yes, automated patching for 4 years and beyond is going to keep all the rest of the checks valid.

  • Article says "According to the data, the average U.S. household contains 17 smart devices ..." meaning devices connected to the internet. Come now. The closest ridiculous exaggeration I've read was when the Consumer Reports magazine stated that the average person uses a roll of toilet paper in 3 1/2 days. Lies, damn lies, and statistics mis-interpreted.
  • Save time - just tell us the ones that aren't.

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...