Monitor and secure your home IoT appliances

En Guarde!

Article from Issue 271/2023
Author(s):

Many IoT devices are so poorly protected against attacks that it is easy for an intruder to slip inside. With the right tools and best practices, you can bar the door.

The "S" in IoT stands for security – as a common saying goes. The recent history of IoT development is paved with absurd examples of security falling by the wayside. One oft-reported tale tells of a Bluetooth-controllable water closet with the pairing code 0000 that could not be changed. Another example is the smart breast pump that unexpectedly turned innocent mothers into botnet operators. But all the horror stories have not diminished the success of IoT. The army of smart helpers in households is growing all the time. Smart lights, smart thermostats, smart ovens, smart sockets, smart coffee machines …

As always: New technology brings the potential for misuse. In the context of IoT, many users do not understand the threat scenario posed by potentially problematic devices. For instance, what would an attacker gain from taking control of a smart washing machine? But things are different if you look at smart blinds and, above all, smart lighting control. Anyone who gains access to your Philips Hue configuration (Figure 1) can see when you are at home and, more ominously, when you are not. This information is a wonderful tool for planning break-ins. Insecure thermostats on radiators can also become a problem; imagine if a mischievous teenager or angry neighbor could turn your apartment into a sauna. If they do this in a clever way and then change the access credentials for the thermostat control center, your heating will keep running at full blast without you being able to do anything about it.

Figure 1: Smart lighting devices like Hue lamps by Philips usually use Zigbee to communicate. Using Zigbee reduces the attack vector, but the need for a hub means you still face some residual risk. © Philips

[...]

Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • OpenVAS

    If you prefer to travel light and free, try OpenVAS, a GPLed fork of the Nessus scanning tool.

    more »
  • Network Scanner OpenVAS 2.0 Enters Beta

    Beta test of the Open Vulnerability Assessment System (OpenVAS) is targeted at experienced users and developers of security solutions.

    more »
  • OpenVAS

    The more IT infrastructure complexity increases, the more indispensable vulnerability scanners become. If you are not interested in retaining the consulting services of a professional hacker, you might want to entrust the task of detecting vulnerabilities to a specialized software tool, such as OpenVAS.

    more »
  • OpenVAS and Greenbone

    OpenVAS scans your systems and discovers potential security problems. If you want to wield the power of OpenVAS without becoming a security expert, use the handy Greenbone user interface tool.

    more »
  • Suricata

    Snort isn't the only free intrusion detection tool in the barnyard. We'll show you a powerful and promising alternative known as Suricata.

    more »
comments powered by Disqus