September 6, 2018 – Hopefully you protect your computers from cyber attacks. You might have anti-virus software on your phone, tablet, laptop or desktop. You might avoid using them to visit suspicious websites and carefully protect your various login details.
But it’s no longer just what we typically think of as computers that are connected to the internet and so at risk of cyber attacks. And if multiple devices are connected to the same network in your home or office, then if a hacker breaks into one machine they could gain access to all of them.
Security researchers recently claimed to have hacked into a computer network by sending a malicious fax. And there are many other seemingly unlikely ways a hacker can get access to your system. You might have a well-protected front door to the internet, but could someone get in by means of the recently installed cat flap in the conservatory?
Printers and baby monitors
Some devices we recognise as being related to our computers, but we don’t necessarily think of them as being connected to the internet. Nowadays, printers often have their own internet connection to allow them to talk to other devices in your home or office, often wirelessly.
This connection provides the first step for hackers to remotely access your network. Then they just need to get around any security controls and they can hack into not just the printer but the other devices connected to it. Printer vulnerabilities have been well documented, with one hacker claiming to have broken into 150,000 printers in order to raise awareness of their insecurity.
Similarly, many baby monitors and security cameras now connect to the internet to allow people to access them from outside the home. New York’s Department of Consumer Affairs issued a public warning about baby monitor security following a number of widely reported incidents of strangers’ voices being heard over them.
Toys and coffee makers
The creation of the so-called Internet of Things means it’s not just computer accessories that are now connected but also devices, appliances and objects that we traditionally don’t see as having anything to do with this kind of technology. And it seems that almost as soon as any device is connected to the internet, it gets hacked. Recent examples include cars, toys, thermostats, medical implants and even coffee machines.
A hacker who succeeds in communicating with one of these device can then conduct any number of possible attacks. They could disrupt communications, which would be irritating in the case of a coffee machine, but potentially life threatening in the case of a medical implant. They could also access data sent to the device, again probably uninteresting in the case of a toy, but potentially a security risk if someone can find out where your car is likely to be left unattended or when your home is empty (and your heating is off).
Intriguingly, even some devices that are not directly plugged into the internet can be hacked. As mentioned, it was recently reported that fax machines could be hacked by sending carefully crafted image files to them containing malicious code. When this image was converted into data for transmission within the internal computer network, the code hidden within this data was able to run and inflict its damage.
This method of intrusion, which any device with an external connection to the outside world is potentially vulnerable to, enables hackers to insert malicious software such as a virus into the computer networks connected to the device. This code might not just be used to attack the infiltrated network, but could also connect the devices on it to a wider distributed network of hijacked machines. The hackers could then use this collective computing power to steal passwords, search for bankcard details, bombard websites with requests for data in order to disrupt their service, or attack yet more computers.
Of course, just because something can be hacked does not mean that it will be. An expert user can use network security technologies such as firewalls and strong authentication methods to reduce the risks of outsiders attacking internet-connected devices. But most users are not experts and every device we connect creates a new opportunity for anyone trying to break into our computer systems.
As a society, we have to ask ourselves two big questions. First, what technology will it really benefit us to connect to the internet? A heart monitor that can be tracked by your doctor? Probably. A doll that can have sophisticated conversations but also records everything your child says? Less so.
Second, for those technologies we do want connected, how do we get device manufacturers to take their cyber security seriously? Most new internet-connected products lack the security of more traditional computers such as laptops and phones. The answer probably relies on market pressure, which always takes time to exert its influence. We can do our own part by asking questions about security before purchasing new devices but, ultimately, it’s suppliers who have to make their devices secure.
That said, just because your kettle can connect to the internet, does not mean that you have to let it do so. I fear, however, that we are going to be reading about insecure fridges and hackable toasters for a considerable time to come.