FBI Issues Alert on the Security of Internet of Things (IoT) Devices

[Exterminator]

Content source

http://news.softpedia.com/news/fbi-issues-alert-on-the-security-of-internet-of-things-iot-devices-491566.shtml

The FBI also publishes a set of recommendations
The FBI has issued a public service announcement (PSA) regarding the state of Internet of Things devices, and their current abysmal security measures.

After in the past two months alone we saw security researchers take apart smart devices like fridges, baby monitors, sniper rifles, electric skateboards, gas stations, and smart cars, these incidents have also been noted at the FBI's headquarters.

In a statement which aims to raise awareness and instruct users and enterprises about the dangers of working with IoT-enabled devices, the FBI is preaching caution all the way.

"Deficient security capabilities and difficulties for patching vulnerabilities in these devices, as well as a lack of consumer security awareness, provide cyber actors with opportunities to exploit these devices," says the FBI PSA. "Criminals can use these opportunities to remotely facilitate attacks on other systems, send maliciously and spam e-mails, steal personal information, or interfere with physical safety."

The FBI is warning users and enterprises
The FBI is specifically warning against common entry points for this kind of attacks, alerting on the usage of default hard-coded passwords, security oversights, and poorly configured devices.

Additionally, the Bureau is sounding an alarm against the exploitation of the IoT device's Universal Plug and Play protocol (UPnP), a set of functions and operations used to remotely connect and communicate over a network without authentication.

As the FBI is describing, attacks of this kind can result in cases where the device is intentionally damaged and rendered useless, the device's malfunction causes physical harm to nearby persons, and situations in which damaged IoT devices cause financial losses.

The FBI's recommendations
The Burea recommends that businesses and users should first and foremost disable UPnP on their internal network's routers, keep all devices updated to their latest firmware and software versions, change all default passwords, and only purchase devices from known manufacturers.

Additionally FBI's security experts recommend that IoT devices should operate on their own protected network, separated from regular user traffic, and databases where sensitive information is stored.

Users and businesses should also reevaluate if they are using the device for its native functions alone, and if the IoT capabilities are actually being used, which translates into "stop buying things you don't use!"

 

[Deleted member 178]

I wonder what the point of hacking a sniper rifle...the gun won't spin around with a 180° and shoot the user.

New techs always comes with security holes anyway.

"Real snipers dont need computed rifles, they shoot with their mind" - Solid Snake