By now, we must all be aware that Cyber Security is a prominent issue – we recently heard mainstream news reports about Ransomware hitting the NHS and often hear about the latest data theft of millions of passwords or credit cards.
To prevent such issues, businesses are advised to keep systems up to date through informative schemes such as the NCSC’s Cyber Essentials. You can read our helpful blog post which explains how to get started with Cyber Essentials.
Home users should be starting to get the message about keeping our devices up to date, choosing good passwords, and even using two factor authentication where possible.
But do we spend sufficient time thinking about the products or services we buy?
Hackers Targeting IoT Devices
You may have heard about the Samsung TVs/Google Home devices that listen to your conversations, but fewer will know about the children’s toys that can be hacked to swear at you. This article explains how the doll can be hacked by gaining access to the developer options through the connected device, and modifying the responses. The hacker accessed the child’s device as it wasn’t built with security features like passwords in mind.
Most children’s devices will have a weak password or no password at all. This highlights the importance of checking that your child’s device is built securely and has ability to add strong password protection. You should always check before you buy an IoT device that it doesn’t have a history of bad security, as well as doing a background check on the supplier’s security credentials.
Similarly, hackers have recently developed a cheap iPhone cable that hacks your phone. The O.MG cable has been successfully outsourced to a factory, and looks just like an official Apple charger. When plugged into a computer, the cable contains a wireless hotspot that hackers can connect to. This then gives them access to the files on the computer and the ability to run commands.
Although the O.MG cable hasn’t been released to the public yet, it highlights the importance of checking the legitimacy of your supplier and their security.
What can consumers do to protect themselves?
As IoT devices are becoming ever more popular, cyber criminals are becoming even smarter. They are repeatedly finding cracks in the system, through security flaws and outdated software within the supply chain.
As consumers, we need to start thinking about security when we buy a new product. It is important to look into the supply chain and analyse their security measures.
Colin Robbins, Managing Security Consultant at Nexor, has revealed his top three tips when researching the supply chain of an IoT device.
What security claims do the suppliers make? Is this just their marketing folk making stuff up, or is there any verifiable evidence to support the claims?
Does the supplier have a good track record? You can Google the product name + “security” to see if there are any known issues.
Only when we, the consumers, start to shun products that don’t take security seriously, will the suppliers start to take it seriously. Be vigilant, be aware, and be safe.