Hackers are Targeting Your IoT Devices and Seeing and Hearing All Your Private Stuff!

The FBI is urgently warning consumers that their IoT devices are vulnerable to hackers who can tap into them using malware and see and hear everything you are doing.

The IoT Problem

Just about everyone nowadays has at least one Alexa device, a smart TV, Nest, or another automated thermostat along with a plethora of other internet-connected devices like smart locks, garage door openers, and even appliances. The problem is that the security on these devices is not even close to up to par with a normal computer or mobile device, leaving them vulnerable to hacking. 

The FBI warned that the lack of security means that hackers can do a “drive-by” and access everything on your network, including your TV, door lock, baby monitors, printers, and even listening devices and cameras. 

In a recent report from Guardicore, they warn about the dangers of a TV remote, especially those with voice control. The microphone can be used by hackers to listen in and record your most private conversations. They mentioned the Comcast XR11 voice remote that was involved in a recent hacking incident. In this attack, hackers used a man-in-the-middle method where they exploited the RF communication to connect to the set-top box and install malware pretending to be a firmware update. Experts claim this attack, nicknamed WarezTheRemote, was pretty easily achieved, and the hacker didn’t need anything except a cheap RF transceiver. During tests, Guardicore was able to hear clear conversations inside a house from 65 feet away. 

Guardicore worked with Comcast on devising a fix to secure this widely popular TV remote better. 

What the FBI Says About It

According to the FBI, at the very least, threat actors can change the channels on your TV, turn on inappropriate content, turn on/off lights in your house or change your thermostat temperature. More alarming, though, is once they gain access through an IoT device, they could potentially control your entire smart house watching you through a digital camera and listening to your every word through microphones. Your door locks, refrigerators, coffee makers, and more are at risk due to the connectedness of everything.

The worst-case scenario means hackers could control your entire network of computers, routers, and access your personally identifiable information (PII) for identity theft, fraud, and control all aspects of your life. A very real possibility is that they could even access your bank accounts, credit cards, and even send malicious emails through your accounts.

The FBI provides the following list of tips to minimize consumer risk using these devices:

•  “Understand your IoT devices. Many come with default passwords or open Wi-Fi connections, so change to a strong password and only allow the device to operate on a network with a secured Wi-Fi router.
• Protect your Wi-Fi networks—set up firewalls and use strong, complex passwords, and consider using media access control address filtering to limit the devices able to access your network.
• Many routers give you the option to set up more than one network—if yours does, separate your computing devices from your IoT devices and spread them throughout several different networks. That way, if cybercriminals break into one network, the damage they do will only be limited to the devices on that one network.
• Disable the Universal Plug and Play protocol (UPnP) on your router—UPnP can be exploited to access many IoT devices.
• Purchase IoT devices from manufacturers with a track record of providing secure devices, and set your devices for automatic updates when available.”

If you don’t believe the FBI, Microsoft reported that the first half of 2020 saw a 35% increase in IoT attacks when compared to the last quarter of 2019.