August 9, 2015 ·
How Drones Can Find And Hack Internet-Of-Things-Devices (IoT) From The Sky; Hackers Can Take Over Door Locks, Alarm Systems, And Any Devices Connected To The IoT
Mohit Kumar, writing in the August 7, 2015 edition of TheHackerNews.com, notes that “security researchers have developed a Flying Drone with a custom-made tracking tool — capable of sniffing out data from the devices connected to the Internet — better known as the Internet-of-Things (IoT). Under its — Internet of Things Map Project, a team of researchers at the Texas-based firm — Praetorian — wanted to create a searchable database that will be the Shodan search engine for SCADA devices.”
Located More Than 1,600 Devices Using a Drone
“To make it possible, the researchers devised a drone with their custom built connected-device tracking appliance,and flew it over Austin, Texas in real-time. During an 18-minute flight,” Mr. Kumar wrote, “the drone found nearly 1,600 Internet-connected devices, of which 453 IoT devices are made by Sony; and, 110 by Philips.”
How Did They Locate Internet-Of-Things Devices?
“The researchers located all ZigBee-enabled smart devices and networks; and, then started expanding their research,” Mr. Kumar noted. “When IoT devices communicated over a wireless protocol called — ZigBee — this protocol is open at a network level. So, when the devices start connecting, they send out beacon requests. We capture data based on this,” says Paul West Jauregui, from Praetorian. ZigBee is a popular, smart-home, wireless communication standard, used by the majority of Internet-Of-Things devices used today. ZigBee protocol, which lets IoT devices talk to each other, is implemented by major vendors including Toshiba, Philips. Huawei, Sony, Siemens, Samsung, Motorola, and many more.
Exploiting ‘ZigBee’ To Hack Internet-Of-Things Devices Remotely
“Such drone experiments could be even worse — if hackers were able to hijack smart-home and Internet-enabled appliances remotely….that’s Evil! But, it has been demonstrated by a Vienna-based team of security researchers at the Black Hat security conference,” Mr. Kumar wrote.
“Tobias Zilner and Sebastian Strobl from ‘Cognosec’ have discovered some critical security flaws in ZigBee, that could allow hackers to compromise ZigBee networks, and take over control of all connected devices on a network, including door locks, alarm systems, and even controlling your light bulbs. The vulnerability,” Mr. Kumar notes, “actually relies in the way ZigBee protocol handles the keys it uses to authenticate the IoT devices it adds to its mesh network, allowing hackers to sniff out exchange authenticate keys.”
Even Worse……..
“The worst part pointed out by the researcher is that there is nothing users could do to make their smart devices more secure; and, since the flaw affects a broad range of devices, it’s quite unclear how quickly vendors will come up with a fix.”
To those of you who read this blog — this news is not surprising. Anything……anything….connected to the Internet can be hacked — I don’t care how secure you think your network is. You have to accept the fact, that the more network enabled and network dependent you are — the more vulnerable you are to a potential catastrophic cyber attack. To lessen the threat — you have to lesson your digital footprint. V/R, RCP
No comments:
Post a Comment