How would you feel if everywhere you go, even the hospital, your own home or restroom, you were surrounded by spies and hackers, even without a smartphone?
We are somewhat aware of the risks when using an internet-connected computer or phone. But as the Internet of Things (IoT) evolves, the ecosphere of the internet is expanding dramatically. Hackers are VERY aware of this and chomping at the bit as new opportunities appear EVERYWHERE. The biomedical devices at your doctor’s office or hospital. The appliances in your home. Your modes of transportation. Your self-driving car.
The Hacker News reports:
Security researchers from SEC Consult found that the lazy manufacturers of home routers and Internet of Things (IoT) devices have been re-using the same set of hard-coded cryptographic keys, leaving around 3 million IoT devices open to mass hijacking.
How were the keys discovered? By what is described as a “hacker-friendly” search engine called Censys. Google is providing the infrastructure.
An MIT paper entitled “A Search Engine for the Internet’s Dirty Secrets” describes the concept:
“We’re trying to maintain a complete database of everything on the Internet,” says Zakir Durumeric, the University of Michigan researcher who leads the open-source project.
From the Censys.io website:
You can search for records that meet certain criteria (e.g., IPv4 hosts in Germany manufactured by Siemens, or browser trusted certificates for github.com), generate reports on how websites are configured (e.g., what cipher suites are chosen by popular websites?), and track how networks have patched over time.
Like most tools, it was built with good intent, but it can be used for good or evil. One thing it has done is highlight the expanding security vulnerabilities as more and more devices become internet-connected.
A security firm, Duo Security, has used the software to discover a vulnerability in Dell computers and found that a Kentucky water plant’s control system was affected, and the Department of Homeland Security stepped in.
As the internet expands its territory, it is more important than ever to think about security, especially the grade of security that BlackBerry and QNX technology offer to the IoT.