Daily Management Review

More than 32 thousand "smart" houses under threat of hacker attack


08/24/2018


More than 49 thousand network protocols MQTT are widely available on the Internet because of incorrect configuration. Among them, more than 32 thousand servers are not password protected, according to a study by Avast, a cybersecurity software developer.



magerleagues via flickr
magerleagues via flickr
"Accessing and managing a smart home is frighteningly easy." There are still many obsolete and poorly protected protocols created at a time when security was not such an acute problem," said Martin Hron, Avast security specialist. Users should be aware of the security problems of connecting smart home devices to services that they do not quite understand, as well as the need to properly configure the system."

The MQTT protocol is used to connect and control smart home devices through the smart home management center. Users configure the server when installing the MQTT protocol. The server is usually based on a computer or a minicomputer, such as Raspberry Pi, to which devices can connect and interact.

The protocol itself is protected, but the incorrect configuration opens the door to hackers. Cybercriminals can get full access to the house to find out when their owners are at home, manage multimedia systems, voice assistants and home appliances, and also check if smart doors and windows are closed. Under certain conditions, they can even track the user's location, which can be a serious threat to privacy and security.

Open and unprotected smart homes can be found using the search engine Shodan IoT. Once connected, hackers will be able to read messages sent using the MQTT protocol. Avast specialists found that in this case, attackers can control connected devices or at least change data using the MQTT protocol on behalf of devices. Thus, an attacker can, for example, send messages to the control center for the smart house to open the garage door.

Experts have found that even if the server is protected, a smart house can be hacked, since many users use the smart home management software with a default configuration where password protection is often not available. This means that you can get full access to the monitoring panel of the smart house, and this will allow the hacker to control any device connected through it.

Avast specialists found that in some cases, hackers can monitor location of users, since MQTT servers usually focus on real-time data. Many servers are connected to the mobile application OwnTracks. With it, users can share their location with other users.

To configure the tracking function, users need to configure the application by connecting to the MQTT server and giving it access to the Internet. During this process, you do not need to enter login credentials, which means that anyone can connect to the MQTT server. Using latitude, longitude and altitude, as well as a timestamp, hackers can read messages that include information about the battery level of the device and the location.

source: computing.co.uk






Science & Technology

Porsche, Boeing set to develop flying electric car

Samsung to invest $ 11 billion in new generation displays

US is betting on Nokia and Ericsson to replace Huawei

UPS becomes first to receive full regulatory approval for UAV shipping in USA

NASA orders Lockheed Martin to build spacecraft to fly to the Moon

Hyundai to create joint venture for unmanned vehicles

Bain & Company: E-wallets and cheaper transactions are new payment trends

Is UAV drone industry falling into decay?

UK Scotland Yard employs AI to deal with frauds

US sets to fight robocalls outbreak

World Politics

World & Politics

Dominican Republic lost $ 200 million because of scandal with tourists death

France: We will take measures to protect our military in Syria

Paralyzed Hong Kong: Protests don't fade

Johnson unveils Brexit compromise deal considering Irish issue

African swine fever at Europe’s borders: time for an embargo?

Saudi Crown Prince Says Khashoggi’s Murder Happened Under His Watch

Will Merkel restore her "Climate Chancellor" image?

Venezuelan opposition to receive $ 52 mln from USA