Inside the Smart Home: IoT Device Threats and Attack Scenarios

July 30, 2019

By Ziv Chang, Trend Micro Research

A smart home is made up of a number of different devices connected to the internet of things (IoT), each with a specific set of functions. No matter how different these devices are from one another, they have the shared goal of streamlining the tasks and simplifying the lives of their users. Together they paint an enticing image of comfort and convenience. However, just as these devices have revolutionized home living, they have also given rise to new complications for home security.

We detail different smart home attack scenarios and discuss the different attack layers of IoT devices in our paper, "IoT Device Security: Locking Out Risks and Threats to Smart Homes." Here we give an overview of the possible attack scenarios for various smart home devices and suggest security solutions.

Inside a smart home

A smart home gives users extensive access to many aspects of their home, even from a remote location. For example, users can monitor their home in real time through a mobile app or web interface. They can also initiate certain actions remotely, such as communicating with their children using a smart toy or unlocking a smart lock for a trusted friend.

Smart home devices also provide automatic and chained functions that can make day-to-day living more convenient for users. For example, in the morning the smart coffee maker starts brewing before the users need to get up for work. Once the users are in the kitchen, the smart refrigerator alerts them that they are low on supplies, if it has not yet ordered the needed items. As the users go out the door, the smart lock automatically locks behind them. And now that the house is empty, the smart robot vacuum cleaner starts its scheduled cleaning.

This scenario and plenty of others are possible if users have good control and visibility over the deployed devices in their smart homes. But problems arise if this control and visibility, unbeknown to the users, shift to malicious actors.

Compromised devices in a smart home

Existing vulnerabilities, poor configuration, and the use of default passwords are among the factors that can aid a hacker in compromising at least one device in a smart home system. Once a single device is compromised, hackers can take a number of actions based on the capabilities and functions of the device. We illustrate some of them here.

Starting from the front door, there can be a smart lock. If compromised, the smart lock can give hackers control over who comes in or out of the house. The most obvious action available for hackers, then, would be to let intruders or accomplices into the house, and another would be to lock out the actual residents.

Inside the living room, several other devices can be set up. One of these can be a smart speaker, which serves as the conduit for voice-initiated home automation commands. If compromised, a voice-activated device such as a smart speaker can allow hackers to issue voice commands of their own.

In the kitchen, devices like a smart refrigerator and a smart coffee maker can cause major issues if successfully hacked. Hackers can set up a smart refrigerator to register wrong expiration dates or order an immense amount of groceries online. And even a smart coffee maker can cause great inconvenience if commanded by hackers to brew coffee incessantly.

Smart devices can now also be found even in the bathroom, most commonly in the form of smart toilets. A smart toilet has different features, such as sensing the right amount of water for flushing waste, that can be very helpful for users. But hackers can use some of its features to make the device act up, by making the toilet flush repeatedly or let water flow continuously from the bidet.


Specific members of the household can also be targeted depending on the device being compromised. In the case of children, compromised smart toys pose a particular risk. Hackers can, for example, communicate with the child directly or quietly record the child’s activities using the toy. Vulnerable smart toys illustrate how even items that are safe enough for child use can still cause harm if compromised.

Smart bulbs can be installed all around the house, from the basement to the attic. They can be turned on or off depending on the time of day or amount of movement or ambient light detected. But hackers can use these seemingly simple devices to disturb residents, by switching them on at inconvenient times, among other actions.

Devices like smart robot vacuum cleaners, which have some mobility around the house, can provide hackers information about the home’s layout. This information can be used by the hackers in planning further activities and movements.

The point where smart devices are connected can also prove useful for hackers. Hackers can use the home gateway to redirect or modify connections to their advantage. This demonstrates that anything connected to the smart home network can be as useful to a resourceful hacker as it is to the actual owner.

Outside a smart home

Although our discussion of compromise and its consequences has centered on smart homes, the same problems can exist anywhere vulnerable or misconfigured devices are deployed. The consequences of a successful attack on a particular IoT system depend on the kind of environment the system is used for.

Many, if not all, of the devices mentioned above can easily be seen in an enterprise setting. An office pantry or break room, for example, can contain a smart refrigerator and a smart coffee maker. And smart bulbs certainly will not be out of place in an enterprise, especially as they can help the business conserve energy if deployed on a large scale.

Portable and wearable smart devices add another layer of complexity to IoT security concerns, as these devices traverse both enterprise and home environments, and have even given rise to updates on many companies’ “bring your own device” (BYOD) policies. These devices, such as smartwatches and smart yoga mats, are typically brought by users to the office, and then brought back home at the end of the work day. A malware infection picked up in one environment, for example, can spread to the other if the BYOD policies in place are weak or if adequate security measures are not taken to prevent such a threat.

Securing smart devices

More than showing what hackers can do with smart devices, these scenarios show how deeply the IoT has become integrated in people’s lives. This is apparent in how there is an applicable IoT device for every part of a home, from the living room and the kitchen to the bathroom and the attic. This deep involvement in people’s lives is what makes IoT attacks both viable for hackers and impactful for users. Arguably, nowhere have cyberthreats been more potentially invasive and personal than in smart homes.

It is all the more reason, then, for users to secure the IoT devices in their smart homes. Here are some security measures that users can take to protect and defend their smart homes against attacks on IoT devices:

  • Map all connected devices. All devices connected to the network, whether at home or at the enterprise level, should be well accounted for. Their settings, credentials, firmware versions, and recent patches should be noted. This step can help assess which security measures the users should take and pinpoint which devices may have to be replaced or updated.
  • Change default passwords and settings. Make sure that the settings used by each device are aligned toward stronger security, and change the settings if this is not the case. Change default and weak passwords to avoid attacks like brute force and unwanted access.
  • Patch vulnerabilities. Patching may be a challenging task, especially for enterprises. But it is essential to apply patches as soon as they are released. Where patches would disrupt users' regular processes, virtual patching could be an option.
  • Apply network segmentation. Use network segmentation to prevent the spread of attacks, and isolate possibly problematic devices that cannot be immediately taken offline.
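
The first step above, mapping all connected devices, is what makes the other three checkable. The following is an added example, not code from the article or from Trend Micro: it audits a constructed device inventory for default credentials, outdated firmware, and devices sitting outside a dedicated IoT segment. The subnet, the default credential pairs, the model names, and the firmware versions are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumptions for this example (not from the article): the IoT segment's subnet,
# the known-default credential pairs, and the latest firmware per model.
IOT_SEGMENT = ip_network("192.168.50.0/24")
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "password"), ("root", "root")}
LATEST_FIRMWARE = {"lock-x1": (2, 4, 1), "speaker-s2": (1, 9, 0), "vacuum-v3": (3, 0, 2)}

@dataclass
class Device:
    name: str
    model: str
    ip: str
    username: str
    password: str  # a real inventory would reference a password-manager entry
    firmware: str  # dotted version string, e.g. "2.4.1"

def parse_version(text):
    """Turn "1.9.0" into (1, 9, 0) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

def audit(device):
    """Return the list of findings for one inventory entry."""
    findings = []
    if (device.username, device.password) in DEFAULT_CREDENTIALS:
        findings.append("default-credentials")
    latest = LATEST_FIRMWARE.get(device.model)
    if latest is None:
        findings.append("unknown-model")  # patch level cannot be judged
    elif parse_version(device.firmware) < latest:
        findings.append("firmware-outdated")
    if ip_address(device.ip) not in IOT_SEGMENT:
        findings.append("outside-iot-segment")
    return findings

def audit_inventory(devices):
    """Map device name -> findings, keeping only devices that need action."""
    report = {d.name: audit(d) for d in devices}
    return {name: found for name, found in report.items() if found}

# Constructed sample inventory (hypothetical devices and values).
INVENTORY = [
    Device("front-door-lock", "lock-x1", "192.168.50.10", "owner", "k3#Vq9!tLz", "2.4.1"),
    Device("living-room-speaker", "speaker-s2", "192.168.1.23", "admin", "admin", "1.7.3"),
    Device("robot-vacuum", "vacuum-v3", "192.168.50.14", "owner", "Xp7&dR2m", "3.0.0"),
    Device("coffee-maker", "brew-b1", "192.168.50.15", "admin", "password", "1.0.0"),
]

if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY).items():
        print(f"{name}: {', '.join(findings)}")
```

A device reported as "unknown-model" is one the inventory cannot assess for patches, which makes it a candidate for isolation or replacement.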

Read our paper, “IoT Device Security: Locking Out Risks and Threats to Smart Homes,” for more on this topic, including descriptions of other attack scenarios, a discussion of the different attack layers of an IoT device, and further security steps users can follow to keep their smart homes safe.



Posted in Internet of Things, Research, Vulnerabilities, Exploits, Device Management
