Inside the Smart Home: IoT Device Threats and Attack Scenarios

July 30, 2019

Download IoT Device Security: Locking Out Risks and Threats to Smart Homes

By Ziv Chang, Trend Micro Research

A smart home is made up of a number of different devices connected to the internet of things (IoT), each with a specific set of functions. No matter how different these devices are from one another, they have the shared goal of streamlining the tasks and simplifying the lives of their users. Together they paint an enticing image of comfort and convenience. However, just as these devices have revolutionized home living, they have also given rise to new complications for home security.

We detail different smart home attack scenarios and discuss the different attack layers of IoT devices in our paper, "IoT Device Security: Locking Out Risks and Threats to Smart Homes." Here we give an overview of the possible attack scenarios for various smart home devices and suggest security solutions.

Inside a smart home

A smart home gives users extensive access to many aspects of their home, even from a remote location. For example, users can monitor their home in real time through a mobile app or web interface. They can also initiate certain actions remotely, such as communicating with their children using a smart toy or unlocking a smart lock for a trusted friend.

Smart home devices also provide automatic and chained functions that can make day-to-day living more convenient for users. For example, in the morning the smart coffee maker starts brewing before the users need to get up for work. Once the users are in the kitchen, the smart refrigerator alerts them that they are low on supplies, if it has not yet ordered the needed items. As the users go out the door, the smart lock automatically locks behind them. And now that the house is empty, the smart robot vacuum cleaner starts its scheduled cleaning.

This scenario and plenty of others are possible if users have good control and visibility over the deployed devices in their smart homes. But problems arise if this control and visibility, unbeknown to the users, shift to malicious actors.

Compromised devices in a smart home

Existing vulnerabilities, poor configuration, and the use of default passwords are among the factors that can aid a hacker in compromising at least one device in a smart home system. Once a single device is compromised, hackers can take a number of actions based on the capabilities and functions of the device. We illustrate some of them here.

Starting from the front door, there can be a smart lock. If compromised, the smart lock can give hackers control over who comes in or out of the house. The most obvious action available for hackers, then, would be to let intruders or accomplices into the house, and another would be to lock out the actual residents.

Inside the living room, several other devices can be set up. One of these can be a smart speaker, which serves as the conduit for voice-initiated home automation commands. If compromised, a voice-activated device such as a smart speaker can allow hackers to issue voice commands of their own.

In the kitchen, devices like a smart refrigerator and a smart coffee maker can cause major issues if successfully hacked. Hackers can set up a smart refrigerator to register wrong expiration dates or order an immense amount of groceries online. And even a smart coffee maker can cause great inconvenience if commanded by hackers to brew coffee incessantly.

Smart devices can now be found even in the bathroom, most commonly in the form of smart toilets. A smart toilet has different features, such as sensing the right amount of water for flushing waste, that can be very helpful for users. But hackers can use some of its features to make the device act up, by making the toilet flush repeatedly or letting water flow continuously from the bidet.

Specific members of the household can also be targeted depending on the device being compromised. In the case of children, compromised smart toys pose a particular risk. Hackers can, for example, communicate with the child directly or quietly record the child’s activities using the toy. Vulnerable smart toys illustrate how even items that are safe enough for child use can still cause harm if compromised.

Smart bulbs can be installed all around the house, from the basement to the attic. They can be turned on or off depending on the time of day or amount of movement or ambient light detected. But hackers can use these seemingly simple devices to disturb residents, by switching them on at inconvenient times, among other actions.

Devices like smart robot vacuum cleaners, which have some mobility around the house, can provide hackers information about the home’s layout. This information can be used by the hackers in planning further activities and movements.

The point where smart devices are connected can also prove useful for hackers. Hackers can use the home gateway to redirect or modify connections to their advantage. This demonstrates that anything connected to the smart home network can be as useful to a resourceful hacker as it is to the actual owner.

Outside a smart home

Although our discussion of compromise and its consequences has centered on smart homes, the same problems can exist anywhere vulnerable or misconfigured devices are deployed. The consequences of a successful attack on a particular IoT system depend on the kind of environment the system is used for.

Many, if not all, of the devices mentioned above can easily be seen in an enterprise setting. An office pantry or break room, for example, can contain a smart refrigerator and a smart coffee maker. And smart bulbs certainly will not be out of place in an enterprise, especially as they can help the business conserve energy if deployed on a large scale.

Portable and wearable smart devices add another layer of complexity to IoT security concerns, as these devices traverse both enterprise and home environments, and have even given rise to updates on many companies’ “bring your own device” (BYOD) policies. These devices, such as smartwatches and smart yoga mats, are typically brought by users to the office, and then brought back home at the end of the work day. A malware infection picked up in one environment, for example, can spread to the other if the BYOD policies in place are weak or if adequate security measures are not taken to prevent such a threat.

Securing smart devices

More than showing what hackers can do with smart devices, these scenarios show how deeply the IoT has become integrated in people’s lives. This is apparent in how there is an applicable IoT device for every part of a home, from the living room and the kitchen to the bathroom and the attic. This deep involvement in people’s lives is what makes IoT attacks both viable for hackers and impactful for users. Arguably, nowhere have cyberthreats been more potentially invasive and personal than in smart homes.

This is all the more reason, then, for users to secure the IoT devices in their smart homes. Here are some security measures that users can take to protect and defend their smart homes against attacks on IoT devices:

  • Map all connected devices. All devices connected to the network, whether at home or at the enterprise level, should be well accounted for. Their settings, credentials, firmware versions, and recent patches should be noted. This step can help assess which security measures the users should take and pinpoint which devices may have to be replaced or updated.
  • Change default passwords and settings. Make sure that the settings used by each device are aligned toward stronger security, and change the settings if this is not the case. Change default and weak passwords to avoid attacks like brute force and unwanted access.
  • Patch vulnerabilities. Patching may be a challenging task, especially for enterprises. But it is essential to apply patches as soon as they are released. For some users, patches may disrupt their regular processes; in such cases, virtual patching could be an option.
  • Apply network segmentation. Use network segmentation to prevent the spread of attacks, and isolate possibly problematic devices that cannot be immediately taken offline.
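
Once the inventory from the first measure exists, the other three can be checked against it mechanically. The script below is an added example, not part of the original article or the paper; the device names, addresses, firmware versions and the dedicated IoT subnet are constructed assumptions.

```python
"""Audit a device inventory for default passwords, stale firmware and segmentation."""
import ipaddress
from dataclasses import dataclass

# Assumption: IoT devices are supposed to live on this dedicated subnet/VLAN.
IOT_SEGMENT = ipaddress.ip_network("192.168.50.0/24")

@dataclass
class Device:
    name: str
    ip: str
    firmware: str           # installed version, dotted numeric
    latest_firmware: str    # newest version published by the vendor
    default_password: bool  # True if factory credentials are still in use
    is_iot: bool

# Constructed sample inventory (hypothetical devices and values).
INVENTORY = [
    Device("smart-lock", "192.168.50.10", "2.4.1", "2.4.1", False, True),
    Device("smart-speaker", "192.168.1.23", "1.9.0", "1.12.3", False, True),
    Device("robot-vacuum", "192.168.50.14", "3.0.2", "3.1.0", True, True),
    Device("laptop", "192.168.1.5", "10.0.0", "10.0.0", False, False),
]

def version_tuple(version: str) -> tuple:
    # Compare numerically: as plain strings, "1.9.0" would sort after "1.12.3".
    return tuple(int(part) for part in version.split("."))

def audit_device(dev: Device, iot_segment=IOT_SEGMENT) -> list:
    """Return the list of findings for one device (empty list means clean)."""
    findings = []
    if dev.default_password:
        findings.append("default-password")
    if version_tuple(dev.firmware) < version_tuple(dev.latest_firmware):
        findings.append("firmware-outdated")
    in_segment = ipaddress.ip_address(dev.ip) in iot_segment
    if dev.is_iot and not in_segment:
        findings.append("not-segmented")           # IoT device on the main LAN
    if not dev.is_iot and in_segment:
        findings.append("non-iot-in-iot-segment")  # trusted host exposed to IoT
    return findings

def audit(inventory) -> dict:
    """Map device name -> findings, listing only devices that need action."""
    report = {}
    for dev in inventory:
        findings = audit_device(dev)
        if findings:
            report[dev.name] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(INVENTORY).items():
        print(f"{name}: {', '.join(findings)}")
```
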

Read our paper, “IoT Device Security: Locking Out Risks and Threats to Smart Homes,” for more on this topic, including descriptions of other attack scenarios, a discussion of the different attack layers of an IoT device, and further security steps users can follow to keep their smart homes safe.


Posted in Internet of Things, Research, Vulnerabilities, Exploits, Device Management
