Attack On Smart TVs
Threats in the smart home are due to weak security mechanisms of IoT hardware.
The findings of the new IoT Security Landscape Report from Bitdefender and NETGEAR are based on threat intelligence from approximately 120 million IoT devices that generated 3.6 billion security events in 2022. The cybersecurity implications of such systems are growing in importance: first for end users in their homes, and second for the IT infrastructure of organizations, whose boundaries are becoming increasingly unclear and confusing due to new hybrid work models on the go or in employees’ living rooms.
Key finding
- Home networks suffer an average of eight attacks against their hardware every day.
- The most vulnerable IoT devices in the smart home are smart TVs, accounting for 52 percent of all vulnerabilities. Other devices follow at a considerable distance: smart sockets, which are increasingly in demand in times of energy crisis, take second place with 13 percent, ahead of routers with 9 percent. They are followed by digital video recorders with 8 percent.
- Hackers use a wide variety of techniques to attack IoT hardware. 84 percent of attacks rely on denial-of-service (DoS) approaches (e.g., port scanning), which are used to probe devices for vulnerabilities while the devices may still continue to serve. 11 percent of tactics target sensitive data.
- DoS also tops the list for actual effects of an attack. In 31 percent of cases, devices stop working. Overflow attacks occur in 29 percent of attacks. This is followed by malicious code execution (12 percent), memory corruption (10 percent), gaining privileges (7 percent) and spying on information (4 percent).
- In most cases, attackers target already known vulnerabilities for which malware already exists in toolkits for automated attacks. For example, the Double Pulsar vulnerability (CVE-2021-0143) is still a popularly exploited vulnerability by cybercriminals.
- According to the study, the average household in Europe has around 25 devices connected to the Internet.
Complete control over smart hardware
One of the main factors behind smart home threats is the weak security mechanisms of IoT hardware. This allows hackers to use these devices for denial-of-service attacks, to spy on personal information, or to gain complete control over the smart hardware itself. In addition, IT security risks also entail physical risks associated with lighting, access control, and monitoring devices.
The fact that cybercriminals use automated scans to look for vulnerable devices and launch attacks means that every household is affected to the same degree. No one can say they are too unimportant to fall victim to an attack. When employees from the home office dial into the corporate network via their routers or smartphone, the boundaries between private and corporate IT disappear.
To detect attacks, Bitdefender’s IT security technologies primarily use conspicuous behavior protection, network attack analysis and methods to assess the reputation of IP addresses.
No improvement in the situation in sight
According to the experts, the security situation will remain critical for the time being. For example, the number of IoT devices is increasing. Hackers, for their part, will continue to intensify their activities to build botnets for distributed denial-of-service attacks: This includes investing in exploiting and creating persistent mechanisms that expand the base of infected devices for botnets, for example. Before the situation improves, it will get worse in 2023. Manufacturers are too slow to respond with updates to disclose security vulnerabilities. New regulations such as the EU Cyber Resilience Act, will also not provide immediate relief. Regulations that seek to mandate new cybersecurity standards for solutions are unlikely to be enforced before 2025.
Self-help measures
– Home users and corporate employees should know which IoT devices they are using on their networks and keep them up to date. They should replace older devices that are no longer supported with successor models.
– Any smart hardware should be part of a dedicated guest network to isolate it from the main network.
– Devices should be patched with any new firmware that becomes available.
– Users should use routers and gateways with security features.
– A smart home scanner scans the home network for devices with vulnerabilities.
– Users should not connect local area network (LAN) devices to the Internet without necessity.