[February 27, 2017] |
|
Avast Exposes Internet of Things Attack Risk in Barcelona, Home of Mobile World Congress 2017
Avast, the leader in digital security products for consumers and
businesses, today reveals the findings from its latest research
experiment into smart devices, including public and private webcam
vulnerabilities in Spain, and, specifically, in Barcelona. Avast
identified more than 22,000 webcams and baby monitors in the city that
are vulnerable to attack, which means that cybercriminals could
livestream the videos directly to the internet. The findings identified
more than 493,000 smart devices in Barcelona and 5.3 million in Spain
overall - including smart kettles, coffee machines, garage doors,
fridges, thermostats and other IP-connected devices - that are connected
to the internet and vulnerable to attacks.
This Smart News Release features multimedia. View the full release here:
http://www.businesswire.com/news/home/20170227005485/en/
Many IoT devices are vulnerable to cyberattacks (Photo: Business Wire)
As webcams and other devices are vulnerable, there are a range of
security, legal and privacy concerns to be addressed. Snoopers could
easily access and watch Mobile World Congress (News - Alert) visitors and Barcelona
residents in private and public spaces, and stream the video directly to
the internet, or turn the device into a bot. With hundreds or thousands
of vulnerable devices, cybercriminals can create a botnet to attack and
take down servers and websites. When a device is infected, it can also
be used to infect other devices, to add them to a botnet, or to take
control over them and do harm to their owner. This includes kitchen and
other household devices, to which cybercriminals can give remote orders,
for example, to heat up water in a kettle.
Smart device manufacturers also collect and store private user data,
including behavioral data, contact information, and credit card details,
which poses an additional risk if intercepted by cybercriminals. And
while the problem is in no way confined to Barcelona, Spain, or indeed
to webcams, it is particularly challenging for the city as it is hosting
thousands of mobile and technology industry executives at Mobile World
Congress 2017 this week.
In the experiment, Avast found:
-
More than 5.3 million vulnerable sart devices in Spain, and more than
493,000 in Barcelona
-
More than 150,000 hackable webcams in Spain and more than 22,000 in
Barcelona
-
More than 79,000 vulnerable smart kettles and coffee machines in Spain
-
More than 444,000 devices in Spain using the Telnet network protocol,
which is a type of protocol that has been abused to create the Mirai
botnet which attacked Dyn in 2016, leading to the crash of Internet
sites like Twitter (News - Alert), Amazon, Reddit, etc.
Conducted in partnership with IoT search engine specialists Shodan.io,
the experiment proves just how easy it is for anyone - including
cybercriminals - to scan IP addresses and ports over the Internet and
classify what device is on each IP address. And, with a little extra
effort and know-how, hackers can also find out the type of device
(webcam, printer, smart kettle, fridge and so on), brand, model and the
version of software it is running.
"With databases of commonly known device vulnerabilities publicly
available, it doesn't take a vast amount of effort and knowledge for
cybercriminals to connect the dots and find out which devices are
vulnerable," comments Vince Steckler, CEO at Avast. "And even if the
devices are password protected, hackers often gain access by trying out
the most common user names and passwords until they crack it."
Avast's latest research experiment highlights a serious and growing
problem which, unless addressed, will only worsen in line with the
increasing number of devices connected to the Internet.
Vince Steckler, Avast, continues: "If webcams are set to livestream for
example, hackers or anyone can connect, making it easy for
cybercriminals to spy on innocent Mobile World Congress trade show
visitors, or oblivious school pupils, workers or citizens nearby. That
in itself is a privacy minefield, although what is far more likely is
the possibility of a cybercrook hijacking an insecure webcam, coffee
machine or smart TV to turn it into a bot which, as part of a wider
botnet, could be used in coordinated attacks on servers to take down
major websites. In the future, we could also see cases where
cybercriminals harvest personal data, including credit card information
from unsuspected IoT users."
To be aware of vulnerabilities and secure all connected devices against
unwanted attacks, users need to contribute to making the online world a
safer place by keeping software updated and choosing strong, complex
passwords. Additionally, Avast is soon set to launch a new feature in
its Avast Wi-Fi Finder Android (News - Alert) app. Avast Wi-Fi Finder lets users find
secure and high-speed Wi-Fi when on the go. In the new version, the app
automatically will scan Wi-Fi networks for vulnerable devices, and
allows users to address any security issues by providing step-by-step
remediation instructions.
Avast Wi-Fi Finder is available on Google (News - Alert) Play at https://play.google.com/store/apps/details?id=com.avast.android.wfinder,
and will be updated with the new scanner feature in summer.
At Mobile World Congress 2017 in Barcelona Avast CEO Vince
Steckler will address IoT risks and show in a live demo how IoT devices
can be infected, and become part of a botnet. His speech will take place
on Wednesday, March 1, from 2:15pm at Fira Gran Via Conference Facility
Hall 4, Auditorium 2.
Avast is discussing mobile and IoT threats, and its solutions that
address these at the congress, in hall 2, booth no. 2G13.
About Avast
Avast (www.avast.com),
the global leader in digital security products for businesses and
consumers, protects over 400 million people online. Avast offers
products under the Avast and AVG brands that protect people from threats
on the internet and the evolving IoT threat landscape. The company's
threat detection network is among the most advanced in the world, using
machine learning and artificial intelligence technologies to detect and
stop threats in real time. Avast digital security products for Mobile,
PC or Mac are top-ranked and certified by VB100, AV-Comparatives,
AV-Test, OPSWAT, ICSA Labs, West Coast Labs and others. Avast is backed
by leading global private equity firms CVC Capital Partners and Summit
Partners.
View source version on businesswire.com: http://www.businesswire.com/news/home/20170227005485/en/
[ Back To Mobile World Congress's Homepage ]
|