Also this year every citizen will spend an average of 250 dollars on Christmas presents. Gadgets like interactive toys, household appliances or networked entertainment are often found under the Christmas tree. Each of these products has hundreds of vulnerabilities that, in the worst case, could give hackers access to the IoT devices. The cyber attackers are then able to access networks, steal information, hack devices into their botnets.
The security experts tested a fictitious gift basket with a few products from renowned manufacturers. They found over 7,000 vulnerabilities. In most cases, out of date software with known vulnerabilities was used, sometimes even in the latest firmware. During the investigation, however, previously unknown vulnerabilities were identified, which were reported to the manufacturer. The experts also found inadequate maintenance access that allows hackers to remotely check the device. In the worst case, this means that the devices can spy on their owners or be used as weapons for cyber activities on other targets.
For example, manufacturers sometimes use unencrypted routes for their firmware updates. Cyber attackers can redirect the information and smuggle malware into the devices. With some devices, the user’s password is also saved in plain. In conjunction with other vulnerabilities, the password can easily be read out, and hackers could thereby gain unauthorized access. These are reasons why the weak points of IoT devices are now one of the main gateways for attackers during Christmas.
Find Out How Much Data You Provide To A Device
What does the device need this data for and where is it stored? Many devices work with face, voice recognition or take pictures and videos of your home, your family or your children. Ask yourself if a device really needs all of this data. Be aware of the attack surface. The range of Bluetooth is 5 to 10 m, with a connection it is up to a 100m.