Bypassing Restrictions Is in Hacker’s Job Description

Ionut ILASCU

December 14, 2017


Some weak spots in Internet of Things devices are easier to notice than others. Even if a connected gadget lacks obvious vulnerabilities, it doesn’t mean the product is secure. Hackers look at their target from different angles when trying to take control of it, searching for cracks they can exploit.

A common method an attacker uses to hijack a device exposed online is to try to log in using the default username and password. Mirai and similar IoT botnets have been built on weak and factory-default settings. Changing the credentials should be the very first thing you do when you start configuring a smart gadget. The action does not guarantee protection against online attacks, but it does make a hacker’s task more difficult. However, many people skip this step, and threat actors know it.

If the front door is too strong to knock down, intruders can scan for a potential back entry. When they find one, they try to trick the system into accepting malicious commands or scripts and execute them, preferably with elevated privileges. Any security flaw is an opportunity to add new, unwanted functionality or to gain access deep into the network.

Hackers can look for directory traversal bugs and test for cross-site request forgery and cross-site scripting holes to reach sensitive areas and make unauthorized changes without having to authenticate. Attackers also check whether the manufacturer was diligent in implementing security measures, and they target the scripts in charge of processing configuration changes to see if they ask for authentication. In some cases, credentials may be requested only when the user interacts with the web interface, leaving the scripts that run the requests unprotected.
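
The last case above, where the web page asks for credentials but the script that applies the change does not, shown next to a deny-by-default fix. This is an added Python sketch, not code from the original article or from any vendor; the route names, session store and settings are hypothetical and constructed for the demo.

```python
import hmac
import secrets

# Constructed session store for the demo: session id -> anti-CSRF token.
SESSIONS = {"sess-demo": secrets.token_hex(16)}
CONFIG = {"dns": "192.0.2.1"}  # constructed device setting

def ui_page(req):
    # Weak design: the only authentication check lives in the page handler.
    if req.get("session") not in SESSIONS:
        return 401, "login required"
    return 200, "<form action='/cgi-bin/set_config'>...</form>"

def set_config(req):
    # The script that applies the change trusts whoever calls it.
    CONFIG.update(req.get("params", {}))
    return 200, "saved"

# Hypothetical routes of a device's admin interface.
ROUTES = {"/index.html": ui_page, "/cgi-bin/set_config": set_config}
PUBLIC = {"/login"}                      # only paths reachable without a session
STATE_CHANGING = {"/cgi-bin/set_config"}

def dispatch_weak(path, req):
    # No central check: each handler decides for itself whether to authenticate.
    handler = ROUTES.get(path)
    return handler(req) if handler else (404, "not found")

def dispatch_hardened(path, req):
    # Deny by default: authenticate before any handler runs, page or script.
    token = SESSIONS.get(req.get("session"))
    if path not in PUBLIC and token is None:
        return 401, "login required"
    # State-changing scripts also need the per-session anti-CSRF token.
    if path in STATE_CHANGING and not hmac.compare_digest(
            token or "", req.get("csrf", "")):
        return 403, "bad csrf token"
    handler = ROUTES.get(path)
    return handler(req) if handler else (404, "not found")

def audit(dispatch):
    """Return the routes that answer 200 to a request carrying no session."""
    return sorted(p for p in ROUTES if dispatch(p, {"params": {}})[0] == 200)
```

Running `audit()` against each dispatcher gives a quick regression check: any route it returns is reachable without logging in.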

Although attackers’ methods can vary, the consequences most often include unauthorized access to the device that could lead to the loss of personal files or the compromise of other systems on the network. Bitdefender BOX can protect any connected product on your network, regardless of brand, purpose or size. It looks at the network traffic and blocks intrusion attempts before they do any damage.

A software solution to monitor the security of the Internet of Things devices at home is Bitdefender Home Scanner, which recognizes the gadgets and tells you whether they are vulnerable, what the weaknesses are and what you can do to fix them. The application is inconspicuous and pops into view when it detects a new product connected to the network.
