Exploiting Internet Connected Devices

Gone are the days when the only connections to the Internet were computers. Besides mobile devices like tablets and phones, many electronic gadgets now feature the ability to send and receive information via the Internet. This includes security cameras, home automation devices, sensors, photocopiers, even appliances like refrigerators and coffee machines.

All these devices depend on some sort of IT technology to know how to communicate with the Internet, and they are often reachable from the outside of a network. Although there are some protections, like passwords and credentials to try and make sure it is the correct users interfacing with the devices and not criminals, this does not always happen.

This can be due to weak passwords or retaining the default password which a device ships with. It can also be through weaknesses in the internal software which the device depends upon. Almost every piece of software has bugs, some of which can open paths to exploits. In PC’s, phones, and tablets, there are regular updates to patch those exploits when discovered, so the opportunity to sneak in is limited.

Connected devices, often lumped into the category of “Internet of Things”, or IoT, might be updatable, but most people do not have a regular regime to update IoT devices. Worse still, the software in a device might not be upgradeable. Depending on the device, price and other factors, the manufacturer might have eschewed the ability to update internal software. If an exploit is discovered for these items, they are often easy to sniff out by hackers and be compromised. This might be as simple (and embarrassing) as them taking over a security camera in a house or office. Or it might provide a path into a network and all the machines within.