Moscow, June 24 — “News. The economy” on average, 40% of homes worldwide have at least one smart device, with millions of devices vulnerable due to outdated protocols, according to a study by Stanford University and Avast.
Avast company developing solutions in digital security, scanned 83 million devices in the Internet of things 16 million homes around the world, to understand how distributed IoT devices for safety from different manufacturers. The results were verified and analyzed by research groups in Avast and Stanford University.
About 40% of homes worldwide now have at least one IoT device. In North America this number is almost two times more, and is 66%, which leads to the increase of risks to cybersecurity. The results were published in a new research paper presented at the conference Usenix Security Conference 2019, “All Things Considered: An Analysis of IoT Devices on Home Networks”.
“A community of cybersecurity experts have long been discussing issues associated with IoT devices, says Zakir Durumeric, associate Professor of computer science at Stanford University. Unfortunately, these devices have remained hidden for home routers, and we had little information about the types of IoT devices in ordinary houses. The findings will help us understand what security issue can arise from smart devices.”
In the study, it was discovered that in total there are more than 14,000 manufacturers of smart devices, however, 100 of them produce 94% of all devices. Millions of devices (7% of the total) still use the older protocols such as FTP and Telnet, which makes them particularly vulnerable.
“The key conclusion of this study is that 94% of home Internet of things devices were manufactured less than 100 companies and half of them are only ten manufacturers, claims the Rājarṣis Gupta, head of Department of artificial intelligence. — It gives these producers a unique opportunity to provide consumers with access to devices with a high degree of confidentiality and security.”
15% of home routers that act as gateway to home network, is also using outdated reports and this is a serious problem. When routers have weak credentials, they can access to attack other devices and maybe the whole house.
Producers can help prevent the hacking of these devices by cybercriminals for espionage or denial of service attacks (denial of service). In this type of attacks cyber criminals are using vulnerable devices.
Modern smart devices support Telnet. However, research shows that monitoring devices and routers still support older protocols. Camera and baby monitors have the weakest profile of Telnet, along with routers and printers. Devices that support Telnet multiple and can participate in botnet attacks, such as Mirai.
Warning that with the advent of the Internet of things society will face serious challenges, it was possible to hear from an official “Internet Evangelist” of Google Vinton CERF, who believes that one of the biggest problems facing the Internet, comes from smart connected devices.
Vinton CERF is concerned about the growing number of household devices that connect to the Internet. Many of these gadgets, from cameras to cars with automatic control to connected thermostats and toasters, are already demonstrating serious software errors or security flaws.
“We are coming off this avalanche of devices… and they are potentially dangerous,” said Vinton CERF in an interview with Business Insider. “Software errors can cause malfunction of the devices, he continued. — This can lead to small problems: the light does not turn on or something like that. But the consequences can be much more serious.”
In addition, CERF describes the problem of addressing when each is directly connected to the Internet, your device must have a unique numeric address. When the Internet was launched, it supported 32-bit system addresses, that is, it can connect up to 4.3 billion devices.
When in the 1990s and the beginning of the Internet started to gain popularity, it became clear that 4.3 billion addresses is not enough. Engineering Council of the Internet began developing the sixth version of Internet Protocol, or IPv6 support for the 128-bit address system. However, the standard only started in 2012 “we Now see the need for 128-bit addresses. If I’d realized it sooner, then we wouldn’t have to bother with the adoption of IPv6,” says CERF.
Another important issue is the safety of the devices. Now some data is sent unencrypted, and this vulnerability is actively used by hackers. Confirmation of the identity of users remains a serious problem, and attackers continuously steal passwords to log into various resources, gaining access to confidential information.
Among the potential dangers which the CERF is worried, there may be those that are life threatening. For example, the driverless car, Internet-connected things can have an accident due to software errors or hacking.
Unlike PCs or smartphones, the market of smart gadgets there is no dominant operating system. While the vast majority use Linux, many versions of operating systems are in the process of development. Thus, Microsoft, Google or Apple can’t just release an update of the operating system and protect the vast majority of devices simultaneously.
Moreover, manufacturers often do not update the software underlying the Internet-the devices, especially older models, so that security holes and other flaws are frequently overlooked.
These holes have been used in the past. In 2016, the hackers found a vulnerability in the software for security cameras and have used connected devices to create a botnet with 1.5 million devices, which hackers have used to launch several large.
There are two ways to solve the problem with errors and unsafe connection, said CERF. One of them is to develop tools that can identify devices that are running software with bugs, and fix them. Another way is to help developers create software for the Internet of things, to find bugs before the release of the gadgets on the market.
Read more •••