Kaspersky Lab Cybersecurity weekend Part 2: Hacking IoT – practically child’s playBy Ryan Noik 3 May 2019 | Categories: Corporate Events
One of the stand out demonstrations at Kaspersky’s Cybersecurity weekend, held in Cape Town this week, was just how easily and quickly a drone can be hijacked. Indeed, with IoT being an unstoppable emerging technology, only poised to grow in the years ahead, getting a handle on the security of connected devices is already a no-brainer.
Already we have seen incidents where a casino’s network was compromised via the hack of a connected thermostat in a fish tank, but why should we pay even closer attention to drones? Maher Yamout, the senior security researcher, global research & analysis team at Kaspersky Lab, explained that if a drone’s security is compromised, it can be used for a number of nefarious purposes.
On the simplest level, it can just be commandeered and stolen. Beyond that, it could be crashed into objects or people, or be used to interfere with transportation, such as blocking a plane from taking off or landing.
Maher Yamout, senior security researcher, global research & analysis team, Kaspersky Lab
Watch your reputation
Furthermore, in countries where one is required to register their drone and has their name associated with it, any of these offences could be committed in an owner’s name, by a cybercriminal. Worth bearing in mind is that it’s not just the flight capabilities of the drone that can be hacked, so too can its camera.
As to how easy it is to hijack and commandeer another person’s drone, 13 year old Reuben Paul demonstrated to the audience what can be done, and within seven minutes, the hack was successfully performed, complete with full flight control and camera interception.
You can see that for yourself at the video below.
It’s not just drones that are vulnerable though, as increasingly, there are a number of smart IoT devices being released onto the market with the aim of making people’s lives easier, from smart locks, to connected coffee machines and smart TV’s.
Yamout noted that the latter, which may feature a camera, can conceivably be hacked and used to snoop on unsuspecting victims. Quite conceivably, a cybercriminal working with a burglar could use that to ascertain when someone isn’t at home and is vulnerable to being burgled.
The good news is that there are a number of measures that can be taken to mitigate IoT attacks. “93% of IoT attacks came through weak passwords, therefore password hygiene is foremost way to protect against IoT hacks,” stressed Yamout.
He pointed out that while some IoT devices do come out of the box with strong passwords in place, a hacker could buy the same device and disassemble the password for use in other similar devices. Therefore the rule of thumb is that people must change any and all passwords that come with their IoT device to one of their own design. And finally, he encouraged people to turn off any connected devices that they are not actively using on a daily basis.
If you are looking for a glimmer of hope in all this, it most clearly comes from Paul, who demonstrated a grasp of IT and emerging technologies on par with many seasoned IT veterans. If that is any indication of what we will see in the upcoming generation, then cybercriminals are going to have a far tougher fight on their hands to compromise internet security than they may suspect.
Most Read Articles
Have Your Say
What are your plans for the holiday season?