BullGuard has unveiled a free IoT Scanner so you can see whether your smart connected devices are vulnerable to hacking.
BullGuard has released the world’s first IoT Scanner. It’s free and you can use it here.
IoT Scanner is a web-based application that scans the Shodan website for smart connected devices, collectively known as the Internet of Things, or IoT. Connected devices, whether they are smart TVs, media hubs, thermostats, coffee makers, garage doors, webcams, baby monitors – the list goes on – often have a web interface through which they are controlled.
For instance, heating systems can be controlled through a smartphone application, which typically works through a web interface. Many IoT devices use Wi-Fi to link to each other and to wireless access points that in turn connect to the web.
Shodan is essentially a search engine but rather than find web pages it identifies devices that are connected to the internet.
It’s estimated to find about 500,000 of these smart connected devices every month. These devices can range from a smoke alarm which remotely notifies a user if it is activated to a command and control system for a nuclear power plant.
As you can see, Shodan doesn’t discriminate: it picks up all sorts of devices from the mundane to the frightening, such as SCADA devices which control critical national infrastructure.
So what has BullGuard’s free IoT scanner got to do with this? Well, if you have a smart TV for instance, smart lighting, or a media hub, it might well have been detected by Shodan.
If it has been identified it will also be listed. This listing will include a lot of technical information about the device, including how it is connected to the internet. Unfortunately, security on IoT devices is somewhat lacking and setting them up can be complex.
BullGuard has produced a free IoT Consumer Guide which is a handy backgrounder on IoT but perhaps more importantly also provides some invaluable information on how to secure your smart devices.
Explaining how smart devices such as light switches, light bulbs, outlets, speakers, cameras, door locks, thermostats, alarms, and so on are configured on a wireless network is complicated.
This reflects the fact that a relatively high level of technical expertise is required to actually configure a smart device as a ‘client’ on a user’s network.
Because many people understandably don’t have this level of technical expertise, the devices are not actually configured on the wireless network. This makes the device visible to everyone in broadcast range, so it’s perfectly possible for an outsider to control the device.
However, this is not the only vulnerability, though it is a common one. There are many others, such as an insecure web interface, insufficient user authentication or poor security configuration.
One of the most dangerous vulnerabilities is an open port. At its simplest, a port is the means by which one computer talks to another. Importantly, a port is always associated with an IP address, and an IP address is a unique identifier for individual computers.
Because IoT device security is a bit patchwork, it’s very possible that an IoT device may be sitting and listening on a port that is open to the internet – and that’s dangerous.
Hackers can identify open ports and use them like an open door to enter your device and take control of it or, if it is configured on your network, actually enter your network without you having any knowledge of it.
This is like having a stranger come into your home, snoop and mooch around, and take whatever they consider valuable or ‘bookmark’ your network for a later visit.
And this is the beauty and strength of the BullGuard IoT scanner. If it finds your device on the Shodan search engine it will gather up all relevant information and send it to you, and let you know if you have an open port.
This allows you to know whether your smart device is actually vulnerable to hacking, enabling you to take the necessary steps to protect yourself.
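To make the idea concrete, here is an added example (not BullGuard's code) of how a listing for your own public IP address can be turned into a short to-do list. The sample record is constructed, its field names are an assumption modelled on a Shodan-style host record, and the table of ports and actions is illustrative rather than complete.

```python
import json

# Constructed sample shaped like a Shodan host record (field names are an
# assumption modelled on that format; 203.0.113.7 is a documentation address).
SAMPLE = json.loads("""
{"ip_str": "203.0.113.7",
 "data": [
   {"port": 23,   "transport": "tcp", "product": "BusyBox telnetd"},
   {"port": 554,  "transport": "tcp", "product": "RTSP camera stream"},
   {"port": 443,  "transport": "tcp", "product": "nginx"},
   {"port": 1900, "transport": "udp", "product": "UPnP"}
 ]}
""")

# Ports commonly used by device management or streaming services, with the
# defensive action a home user would take on the router or the device.
RISKY = {
    ("tcp", 23): "Telnet: disable it on the device and remove the port forward",
    ("tcp", 80): "HTTP admin page: turn off remote administration",
    ("tcp", 8080): "HTTP admin page: turn off remote administration",
    ("tcp", 554): "RTSP video: require a password and remove the port forward",
    ("udp", 1900): "UPnP: disable UPnP on the router",
    ("tcp", 7547): "TR-069: ask the ISP to restrict it to their servers",
}

def triage(record, my_public_ip):
    """Return (port, transport, product, action) for each flagged service
    listed for my_public_ip; an empty list if the record is for another host."""
    if record.get("ip_str") != my_public_ip:
        return []
    findings = []
    for svc in record.get("data", []):
        key = (svc.get("transport", "tcp"), svc.get("port"))
        if key in RISKY:
            findings.append((key[1], key[0], svc.get("product", "unknown"), RISKY[key]))
    return sorted(findings)

if __name__ == "__main__":
    for port, proto, product, action in triage(SAMPLE, "203.0.113.7"):
        print(f"{port}/{proto} ({product}) -> {action}")
```

Port 443 appears in the sample but is not in the table, so it is listed by the search engine without being flagged here.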
IoT hacks – it’s happening
By 2020, it’s estimated that there will be between 20 and 30 billion connected devices on the planet. That’s an awful lot.
Unfortunately, IoT introduces all the vulnerabilities of the digital world into the real world. Here are a mere handful of IoT security issues; there are many more:
- Security researchers demonstrated how they could remotely hack a 2014 Jeep Cherokee to disable its transmission and brakes. This led to Fiat recalling 1.4 million vehicles because of vulnerabilities in its network that connected cars and trucks.
- Critical medical equipment and devices also have IoT software and architecture vulnerabilities. Students used a dummy to illustrate how they could kill it by taking control of a pacemaker and ramping up the heart rate.
- Drug infusion pumps which dispense morphine, chemotherapy, antibiotics, and other drugs have proven to be hackable.
- Baby monitors are worryingly insecure: A study from the security firm Rapid7 found that all nine of the monitors it tested were relatively easy to hack.
- Researchers exploited a smart rifle’s insecure Wi-Fi to change variables in the gun’s self-aiming scope system, allowing them to disable the rifle, make it miss its target and even make it hit a target of their choosing instead of the intended one.
- Rob Joyce, chief of the NSA’s Tailored Access Operations unit, leads a group of government-sponsored hackers. He said IoT flaws can be used to access heating and cooling systems as a route into organizations that computer network administrators often overlook.
- A security researcher hacked his home via devices connected to his home network: a smart TV, satellite receiver, DVD/Blu-ray player, network storage devices, and gaming consoles.
The above examples are based on research carried out by industry experts to illustrate just how vulnerable IoT devices can be. In the real world, IoT hackers have already taken down an oil rig, manipulated the controls at a German power plant, taken control of web cam baby monitors, forced thousands of printers to spew out racist flyers, stolen data and more. And IoT hacks are predicted to get much worse and more common.
Check out BullGuard IoT Scanner!