IoT Inspection

Reading some information online, I come across a recent project from Princeton University, they have released a tool called IoT Inspector which analyzes the security and privacy of IoT devices.   Now the results as im sure you can imagine are very shocking, they have already used the tool to study a wide range of available devices, you can read the full post on there blog here.

However a very brief summary of what they found is basically that IoT devices lack basic encryption and authentication, user behavior can be interfered with, many IoT devices contact large and diverse third parties and smart home device traffic is predictable.  I guess a lot of use had an underline thought that this sort of thing happened, but some of the actual results are a little surprising, below is a brief summary of some of the IoT devices and what it is they do.

• Samsung Smart TV. During the first minute after power-on, the TV talks to Google Play, Double Click, Netflix, FandangoNOW, Spotify, CBS, MSNBC, NFL, Deezer, and Facebook—even though we did not sign in or create accounts with any of them.
• Amcrest WiFi Security Camera. The camera actively communicates with cellphonepush.quickddns.com using HTTPS. QuickDDNS is a Dynamic DNS service provider operated by Dahua. Dahua is also a security camera manufacturer, although Amcrest’s website makes no references to Dahua. Amcrest customer service informed us that Dahua was the original equipment manufacturer.
• Halo Smoke Detector. The smart smoke detector communicates with broker.xively.com. Xively offers an MQTT service, which allows manufacturers to communicate with their devices.
• Geeni Light Bulb. The Geeni smart bulb communicates with gw.tuyaus.com, which is operated by TuYa, a China-based company that also offers an MQTT service.

The Mirai botnet used hacked IoT devices to conduct distributed denial of service (DDoS) attacks on critical Internet infrastructure. Most owners of these devices had no idea that their security cameras or DVRs were participating in the attack.  Is this the new attack surface we are now looking at, maybe a lot of this is of no surprise but its surley now something that needs addressing in the world we live in before sky-net takes over the world and we are forced to live underground 🙂