Daily Management Review

More than 32 thousand "smart" houses under threat of hacker attack


08/24/2018


More than 49 thousand network protocols MQTT are widely available on the Internet because of incorrect configuration. Among them, more than 32 thousand servers are not password protected, according to a study by Avast, a cybersecurity software developer.



magerleagues via flickr
magerleagues via flickr
"Accessing and managing a smart home is frighteningly easy." There are still many obsolete and poorly protected protocols created at a time when security was not such an acute problem," said Martin Hron, Avast security specialist. Users should be aware of the security problems of connecting smart home devices to services that they do not quite understand, as well as the need to properly configure the system."

The MQTT protocol is used to connect and control smart home devices through the smart home management center. Users configure the server when installing the MQTT protocol. The server is usually based on a computer or a minicomputer, such as Raspberry Pi, to which devices can connect and interact.

The protocol itself is protected, but the incorrect configuration opens the door to hackers. Cybercriminals can get full access to the house to find out when their owners are at home, manage multimedia systems, voice assistants and home appliances, and also check if smart doors and windows are closed. Under certain conditions, they can even track the user's location, which can be a serious threat to privacy and security.

Open and unprotected smart homes can be found using the search engine Shodan IoT. Once connected, hackers will be able to read messages sent using the MQTT protocol. Avast specialists found that in this case, attackers can control connected devices or at least change data using the MQTT protocol on behalf of devices. Thus, an attacker can, for example, send messages to the control center for the smart house to open the garage door.

Experts have found that even if the server is protected, a smart house can be hacked, since many users use the smart home management software with a default configuration where password protection is often not available. This means that you can get full access to the monitoring panel of the smart house, and this will allow the hacker to control any device connected through it.

Avast specialists found that in some cases, hackers can monitor location of users, since MQTT servers usually focus on real-time data. Many servers are connected to the mobile application OwnTracks. With it, users can share their location with other users.

To configure the tracking function, users need to configure the application by connecting to the MQTT server and giving it access to the Internet. During this process, you do not need to enter login credentials, which means that anyone can connect to the MQTT server. Using latitude, longitude and altitude, as well as a timestamp, hackers can read messages that include information about the battery level of the device and the location.

source: computing.co.uk






Science & Technology

Germany Plans On Cyber Security Research To End Reliance On U.S. Tech

Fuchsia will kill Android by 2023: Top 5 facts about the new OS

New Study Finds Goats Interact More With Happy People

More than 32 thousand "smart" houses under threat of hacker attack

Internet addiction and children: Global plague

Apple takes up to develop Apple Watch for health monitoring

Hyperloop is growing in Europe

Analysts: US gamers prefer mobile games

Google Assistant Winner Of Head-To-Head Test Of Digital Assistants, Beats Siri And Alexa

Animals Can Burn Muscle To Supplement Body Water Needs, Finds A Study

World Politics

World & Politics

Foreign Experts To Be Allowed By North Korea For Permanent Destruction Of Missile Sites

Ireland recovers €14.3 billion from Apple

Is China going to cancel its birth limit policy?

The US is ready to start negotiations with China

US and China start 5G race

Is Czech Republic posing a threat to the European Union?

Myanmar Military Top Brass should be investigated and prosecuted for genocide: UN

France Needs To Recover From The Blow of Its Environment Minister’s Resignation