undefined
  • 目前沒有新的通知。
  • 掃瞄引擎
  • 所有病毒碼檔案
  • 所有下載
  • 訂閱下載中心 RSS 通知
  • 尋找合作夥伴
  • 家庭辦公室線上商店
  • 線上續約
  • 免費工具
  • 聯絡業務人員
  • 全球據點
  • 電話:852.2866 4362 電郵:hksales@trendmicro.com
  • 美洲
  • 美國
  • 巴西
  • 加拿大
  • 墨西哥
  • 亞太地區
  • 澳洲
  • 香港(英文)
  • 香港(中文)
  • 印度
  • 印尼
  • 日本
  • 南韓
  • 馬來西亞
  • 新西蘭
  • 菲律賓
  • 新加坡
  • 台灣
  • 泰國
  • 越南
  • 歐洲、中東與非洲
  • 比利時
  • 捷克
  • 丹麥
  • 德國、奧地利、瑞士
  • 西班牙
  • 法國
  • 愛爾蘭
  • 意大利
  • 中東與北非
  • 荷蘭
  • 挪威
  • 波蘭
  • 俄羅斯
  • 南非
  • 芬蘭
  • 瑞典
  • 土耳其
  • 英國
  • 我的支援
  • 登入支援中心
  • 登入業務夥伴入口網站
  • 我的帳戶(家用方案)
  • SafeSync
  • 遺失裝置入門網站
  • 趨勢科技保險箱
  • 密碼管理通
  • 企業方案
  • SafeSync
  • 線上案件追蹤
  • 進階專屬支援
  • Worry-Free Business Security Services
  • Remote Manager
  • Cloud One
  • 聯絡業務人員
  • 營業點
  • 支援
  • 尋找合作夥伴
  • 社交媒體
  • Facebook
  • Twitter
  • LinkedIn
  • Youtube
  • Instagram
  • 電話:852-2866 4362 電郵: hksales@trendmicro.com 服務時間: 週一至週五,上午 9:00 ~ 下午 1:00 下午 2:00 ~ 6:00(公眾假期除外)
趨勢科技防護 趨勢科技防護
商業 
家用 
混合雲防護
工作負載保安
Conformity
容器保安
檔案儲存保安
應用程式保安
網絡保安
開放源碼保安
網絡保安
入侵防禦
Advanced Threat Protection
工業網絡保安
流動網絡防護
用戶防護
用戶端防護
工業用戶端
電郵防護
網站防護
用戶端及閘道套裝軟件
偵測及回應
XDR
託管式 XDR 服務
用戶端偵測與回應
支援源自
全球威脅情報
連繫式威脅防禦
所有產品與試用
所有方案
中小型企業保安
雲端
雲端遷移
雲原生應用程式開發
雲端卓越運作
數據中心防護
SaaS 應用程式
物聯網
智能工廠
連網車輛
連網消費者
企業專屬 5G 保安
風險管理
勒索程式
已終止支援系統
法規遵循
偵測與回應
行業
醫療界
製造業
趨勢科技如何與眾不同
用戶案例
策略聯盟
業界領導地位
研究
關於我們的研究
研究與分析
研究、新聞及觀點
資訊保安報告
資訊保安新聞
ZDI 漏洞懸賞計畫
網誌
按題目區分的研究
漏洞
年度預測
The Deep Web
物聯網
資源
DevOps 資源中心
CISO 資源中心
【甚麼是?】
威脅百科
雲端健康評估
網絡風險評估
企業指南
名詞解釋
業務支援
登入支援中心
技術支援
病毒與威脅協助
續約與註冊
培訓與認證
聯絡支援團隊
下載
免費清除工具
尋找支援合作夥伴
熱門產品專區
Deep Security
Apex One
Worry-Free
渠道業務夥伴
渠道業務夥伴總覽
託管服務商
雲服務商
專業服務
經銷商
市集合作夥伴
系統整合商
策略聯盟夥伴
策略聯盟總覽
科技策略聯盟夥伴
我們的策略聯盟夥伴
工具及資源
尋找業務夥伴
培訓與認證
業務夥伴案例
港澳區代理商
合作夥伴登入
簡介
領導地位
用戶案例
策略聯盟
業界讚譽
新聞中心
網上研討會
活動
資訊保安專家
徵求人才
歷史
企業社會責任
多樣性及包容性
網絡安全與網絡資訊保安教育推廣
投資者
私隱及法務
    undefined
  • 目前沒有新的通知。
  • 掃瞄引擎
  • 所有病毒碼檔案
  • 所有下載
  • 訂閱下載中心 RSS 通知
  • 尋找合作夥伴
  • 家庭辦公室線上商店
  • 線上續約
  • 免費工具
  • 聯絡業務人員
  • 全球據點
  • 電話:852.2866 4362 電郵:hksales@trendmicro.com
  • 美洲
  • 美國
  • 巴西
  • 加拿大
  • 墨西哥
  • 亞太地區
  • 澳洲
  • 香港(英文)
  • 香港(中文)
  • 印度
  • 印尼
  • 日本
  • 南韓
  • 馬來西亞
  • 新西蘭
  • 菲律賓
  • 新加坡
  • 台灣
  • 泰國
  • 越南
  • 歐洲、中東與非洲
  • 比利時
  • 捷克
  • 丹麥
  • 德國、奧地利、瑞士
  • 西班牙
  • 法國
  • 愛爾蘭
  • 意大利
  • 中東與北非
  • 荷蘭
  • 挪威
  • 波蘭
  • 俄羅斯
  • 南非
  • 芬蘭
  • 瑞典
  • 土耳其
  • 英國
  • 我的支援
  • 登入支援中心
  • 登入業務夥伴入口網站
  • 我的帳戶(家用方案)
  • SafeSync
  • 遺失裝置入門網站
  • 趨勢科技保險箱
  • 密碼管理通
  • 企業方案
  • SafeSync
  • 線上案件追蹤
  • 進階專屬支援
  • Worry-Free Business Security Services
  • Remote Manager
  • Cloud One
  • 聯絡業務人員
  • 營業點
  • 支援
  • 尋找合作夥伴
  • 社交媒體
  • Facebook
  • Twitter
  • LinkedIn
  • Youtube
  • Instagram
  • 電話:852-2866 4362 電郵: hksales@trendmicro.com 服務時間: 週一至週五,上午 9:00 ~ 下午 1:00 下午 2:00 ~ 6:00(公眾假期除外)
  • 目前沒有新的通知。
  • 目前沒有新的通知。
  • 掃瞄引擎
  • 所有病毒碼檔案
  • 所有下載
  • 訂閱下載中心 RSS 通知
  • 尋找合作夥伴
  • 家庭辦公室線上商店
  • 線上續約
  • 免費工具
  • 聯絡業務人員
  • 全球據點
  • 電話:852.2866 4362 電郵:hksales@trendmicro.com
    • 美洲
    • 美國
    • 巴西
    • 加拿大
    • 墨西哥
    • 亞太地區
    • 澳洲
    • 香港(英文)
    • 香港(中文)
    • 印度
    • 印尼
    • 日本
    • 南韓
    • 馬來西亞
    • 新西蘭
    • 菲律賓
    • 新加坡
    • 台灣
    • 泰國
    • 越南
    • 歐洲、中東與非洲
    • 比利時
    • 捷克
    • 丹麥
    • 德國、奧地利、瑞士
    • 西班牙
    • 法國
    • 愛爾蘭
    • 意大利
    • 中東與北非
    • 荷蘭
    • 挪威
    • 波蘭
    • 俄羅斯
    • 南非
    • 芬蘭
    • 瑞典
    • 土耳其
    • 英國
  • 我的支援
  • 登入支援中心
  • 登入業務夥伴入口網站
  • 我的帳戶(家用方案)
  • SafeSync
  • 遺失裝置入門網站
  • 趨勢科技保險箱
  • 密碼管理通
  • 企業方案
  • SafeSync
  • 線上案件追蹤
  • 進階專屬支援
  • Worry-Free Business Security Services
  • Remote Manager
  • Cloud One
  • 聯絡業務人員
  • 營業點
  • 支援
  • 尋找合作夥伴
  • 社交媒體
  • Facebook
  • Twitter
  • LinkedIn
  • Youtube
  • Instagram
  • 電話:852-2866 4362 電郵: hksales@trendmicro.com 服務時間: 週一至週五,上午 9:00 ~ 下午 1:00 下午 2:00 ~ 6:00(公眾假期除外)
    undefined
  • Security News
  • Internet of Things
  • Inside the Smart Home: IoT Device Threats and Attack Scenarios

Inside the Smart Home: IoT Device Threats and Attack Scenarios

July 30, 2019
  • Email
  • Facebook
  • Twitter
  • Google+
  • Linkedin

Download IoT Device Security: Locking Out Risks and Threats to Smart Homes Download IoT Device Security: Locking Out Risks and Threats to Smart Homes

By Ziv Chang, Trend Micro Research

A smart home is made up of a number of different devices connected to the internet of things (IoT), each with a specific set of functions. No matter how different these devices are from one another, they have the shared goal of streamlining the tasks and simplifying the lives of their users. Together they paint an enticing image of comfort and convenience. However, just as these devices have revolutionized home living, they have also given rise to new complications for home security.

We detail different smart home attack scenarios and discuss the different attack layers of IoT devices in our paper, "IoT Device Security: Locking Out Risks and Threats to Smart Homes." Here we give an overview of the possible attack scenarios for various smart home devices and suggest security solutions.

Inside a smart home

A smart home gives users extensive access to many aspects of their home, even from a remote location. For example, users can monitor their home in real time through a mobile app or web interface. They can also initiate certain actions remotely, such as communicating with their children using a smart toy or unlocking a smart lock for a trusted friend.

Smart home devices also provide automatic and chained functions that can make day-to-day living more convenient for users. For example, in the morning the smart coffee maker starts brewing before the users need to get up for work. Once the users are in the kitchen, the smart refrigerator alerts them that they are low on supplies, if it has not yet ordered the needed items. As the users go out the door, the smart lock automatically locks behind them. And now that the house is empty, the smart robot vacuum cleaner starts its scheduled cleaning.

This scenario and plenty of others are possible if users have good control and visibility over the deployed devices in their smart homes. But problems arise if this control and visibility, unbeknown to the users, shift to malicious actors.

Compromised devices in a smart home

Existing vulnerabilities, poor configuration, and the use of default passwords are among the factors that can aid a hacker in compromising at least one device in a smart home system. Once a single device is compromised, hackers can take a number of actions based on the capabilities and functions of the device. We illustrate some of them here.

Starting from the front door, there can be a smart lock. If compromised, the smart lock can give hackers control over who comes in or out of the house. The most obvious action available for hackers, then, would be to let intruders or accomplices in to the house, and another would be to lock out the actual residents.

Inside the living room, several other devices can be set up. One of these can be a smart speaker, which serves as the conduit for voice-initiated home automation commands. If compromised, a voice-activated device such as a smart speaker can allow hackers to issue voice commands of their own.

In the kitchen, devices like a smart refrigerator and a smart coffee maker can cause major issues if successfully hacked. Hackers can set up a smart refrigerator to register wrong expiration dates or order an immense amount of groceries online. And even a smart coffee maker can cause great inconvenience if commanded by hackers to brew coffee incessantly.

Smart devices can now also be found even in the bathroom, most commonly in the form of smart toilets. A smart toilet has different features, such as sensing the right amount of water for flushing waste, that can be very helpful for users. But hackers can use some of its features to make the device act up, by making the toilet flush repeatedly or let water flow continuously from the bidet.

Hover overTap warning sign for more info.

Specific members of the household can also be targeted depending on the device being compromised. In the case of children, compromised smart toys pose a particular risk. Hackers can, for example, communicate with the child directly or quietly record the child’s activities using the toy. Vulnerable smart toys illustrate how even items that are safe enough for child use can still cause harm if compromised.

Smart bulbs can be installed all around the house, from the basement to the attic. They can be turned on or off depending on the time of day or amount of movement or ambient light detected. But hackers can use these seemingly simple devices to disturb residents, by switching them on at inconvenient times, among other actions.

Devices like smart robot vacuum cleaners, which have some mobility around the house, can provide hackers information about the home’s layout. This information can be used by the hackers in planning further activities and movements.

The point where smart devices are connected can also prove useful for hackers. Hackers can use the home gateway to redirect or modify connections to their advantage. This demonstrates that anything connected to the smart home network can be as useful to a resourceful hacker as it is to the actual owner.

Outside a smart home

Although our discussion of compromise and its consequences has centered on smart homes, the same problems can exist anywhere vulnerable or misconfigured devices are deployed. The consequences of a successful attack on a particular IoT system depend on the kind of environment the system is used for.

Many, if not all, of the devices mentioned above can easily be seen in an enterprise setting. An office pantry or break room, for example, can contain a smart refrigerator and a smart coffee maker. And smart bulbs certainly will not be out of place in an enterprise, especially as they can help the business conserve energy if deployed on a large scale.

Portable and wearable smart devices add another layer of complexity to IoT security concerns, as these devices traverse both enterprise and home environments, and have even given rise to updates on many companies’ “bring your own device” (BYOD) policies. These devices, such as smartwatches and smart yoga mats, are typically brought by users to the office, and then brought back home at the end of the work day. A malware infection picked up in one environment, for example, can spread to the other if the BYOD policies in place are weak or if adequate security measures are not taken to prevent such a threat.

Securing smart devices

More than showing what hackers can do with smart devices, these scenarios show how deeply the IoT has become integrated in people’s lives. This is apparent in how there is an applicable IoT device for every part of a home, from the living room and the kitchen to the bathroom and the attic. This deep involvement in people’s lives is what makes IoT attacks both viable for hackers and impactful for users. Arguably, nowhere have cyberthreats been more potentially invasive and personal than in smart homes.

It is all the more reason, then, for users to secure the IoT devices in their smart homes. Here are some security measures that users can take to protect and defend their smart homes against attacks on IoT devices:

  • Map all connected devices. All devices connected to the network, whether at home or at the enterprise level, should be well accounted for. Their settings, credentials, firmware versions, and recent patches should be noted. This step can help assess which security measures the users should take and pinpoint which devices may have to be replaced or updated.
  • Change default passwords and settings. Make sure that the settings used by each device are aligned toward stronger security, and change the settings if this is not the case. Change default and weak passwords to avoid attacks like brute force and unwanted access.
  • Patch vulnerabilities. Patching may be a challenging task, especially for enterprises. But it is integral to apply patches as soon as they are released. For some users, patches may disrupt their regular processes, for which virtual patching could be an option.
  • Apply network segmentation. Use network segmentation to prevent the spread of attacks, and isolate possibly problematic devices that cannot be immediately taken offline.

Read our paper, “IoT Device Security: Locking Out Risks and Threats to Smart Homes,” for more on this topic, including descriptions of other attack scenarios, a discussion of the different attack layers of an IoT device, and further security steps users can follow to keep their smart homes safe.


HIDE

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.

Posted in Internet of Things, Research, Vulnerabilities, Exploits, Device Management

Related Posts

  • Navigating New Frontiers: Trend Micro 2021 Annual Cybersecurity Report
  • Trend Micro Security Predictions for 2022: Toward a New Momentum
  • Protecting Your Krew: A Security Analysis of kubectl Plug-ins
  • Minding the Gaps: The State of Vulnerabilities in Cloud Native Applications
  • How to Secure Smart Home IoT Devices, Routers, and Smart Speakers

Recent Posts

  • The Crypto-Monetized Web: A Forward-Looking Thought Experiment
  • Trend Micro Cloud App Security Threat Report 2021
  • An Analysis of Azure Managed Identities Within Serverless Environments
  • Exposing Earth Berberoka: A Multiplatform APT Campaign Targeting Online Gambling Sites
  • LockBit, Conti, and BlackCat Lead Pack Amid Rise in Active RaaS and Extortion Groups: Ransomware in Q1 2022

We Recommend

  • Internet of Things
  • Virtualization & Cloud
  • Ransomware
  • Securing Home Routers
  • 5G and Aviation: A Look Into Security and Technology Upgrades Working in Tandem
    • Reinforcing NAS Security Against Pivoting Threats
    • Addressing Cloud-Related Threats to the IoT
  • An Analysis of Azure Managed Identities Within Serverless Environments
    • Using Custom Containers in Serverless Environments for Better Security
    • Crafting an Azure App Services Threat Model
  • LockBit, Conti, and BlackCat Lead Pack Amid Rise in Active RaaS and Extortion Groups: Ransomware in Q1 2022
    • Ransomware Spotlight: RansomEXX
    • Ransomware Spotlight: AvosLocker
  • Alexa and Google Home Devices can be Abused to Phish and Eavesdrop on Users, Research Finds
    • Mirai Variant Spotted Using Multiple Exploits, Targets Various Routers
    • A Look Into the Most Noteworthy Home Network Security Threats of 2017

2021 Midyear Cybersecurity Report

2021 Security Predictions

In the first half of this year, cybersecurity strongholds were surrounded by cybercriminals waiting to pounce at the sight of even the slightest crack in defenses to ravage valuable assets.
View the report

Trend Micro Security Predictions for 2022: Toward a New Momentum

Trend Micro Security Predictions for 2021: Toward a New Momentum

In 2022, decision-makers will have to contend with threats old and new bearing down on the increasingly interconnected and perimeterless environments that define the postpandemic workplace.
View the 2022 Trend Micro Security Predictions

  • 聯絡業務人員
  • 營業點
  • 徵求人才
  • 新聞中心
  • 互信中心
  • 私隱
  • 無障礙支援
  • 支援
  • 網站地圖
  • linkedin
  • twitter
  • facebook
  • youtube
  • instagram
  • rss
Copyright © 2022 Trend Micro Incorporated 本公司保留所有權利。