• Al momento non ci sono nuove notifiche.
  • Motori di scansione
  • Tutti i file pattern
  • Tutti i download
  • Iscriviti al Download Center RSS
  • Trova un partner
  • Online store privati e ufficio
  • Rinnovo online
  • Strumenti gratuiti
  • Contatta un rivenditore
  • Sedi in tutto il mondo
  • +39 02 925931
  • Piccole imprese
  • Acquista online
  • Rinnovo online
  • America
  • Stati Uniti
  • Brasile
  • Canada
  • Messico
  • Medio Oriente e Africa
  • Sudafrica
  • Medio Oriente e Nord Africa
  • Europa
  • België (Belgio)
  • Česká Republika (Repubblica Ceca)
  • Danmark (Danimarca)
  • Germania, Austria, Svizzera
  • España (Spagna)
  • France (Francia)
  • Ireland (Irlanda)
  • Italia
  • Nederland (Paesi Bassi)
  • Norge (Norvegia)
  • Polska (Polonia)
  • Suomi (Finlandia)
  • Svezia
  • Turchia
  • United Kingdom (Regno Unito)
  • Asia e Pacifico
  • Australia
  • Центральная Азия (Asia Centrale)
  • Hong Kong (Inglese)
  • 香港 (中文) (Hong Kong)
  • भारत गणराज्य (India)
  • Indonesia
  • 日本 (Giappone)
  • 대한민국 (Corea del Sud)
  • Malaysia
  • Монголия (Mongolia) e рузия (Georgia)
  • Nuova Zelanda
  • Filippine
  • Singapore
  • 台灣 (Taiwan)
  • ประเทศไทย (Thailand)
  • Việt Nam (Vietnam)
  • La mia assistenza
  • Accedi all'assistenza
  • Partner Portal
  • Soluzioni per privati
  • Il mio Account
  • Portale dispositivi smarriti
  • Trend Micro Vault
  • Password Manager
  • Customer Licensing Portal
  • Monitoraggio dei casi online
  • Assistenza Premium
  • Worry-Free Business Security Services
  • Remote Manager
  • Cloud One
  • Affiliato di riferimento
  • Affiliato di riferimento
  • Cloud
  • Rilevamento e risposta
  • User Protection
  • Contatta il Team Commerciale
  • Sedi
  • Assistenza
  • Trova un partner
  • Scopri i prossimi eventi
  • Social media
  • Facebook
  • Twitter
  • Linkedin
  • Youtube
  • Instagram
  • +39 02 925931
Trend Micro Security Trend Micro Security
Business 
Per i privati 
Trend Micro One - La nostra piattaforma unificata di cybersecurity >
Hybrid Cloud Security
Workload Security
Conformity
Container Security
File Storage Security
Application Security
Network Security
Open Source Security
Network Security
Intrusion Prevention
Advanced Threat Protection
Industrial Network Security
Mobile Network Security
Zero Trust Secure Access
User Protection
Endpoint Security
Email Security
Mobile Security
Web Security
Industrial Endpoint
Rilevamento e risposta
XDR
Attack Surface Risk Management
Alimentato da
IA/Machine learning
Intelligence contro le minacce mondiali
Tutti i prodotti e le versioni di prova gratuite
La nostra piattaforma unificata
Pacchetti di servizi
Sicurezza per le piccole e medie imprese
Per il cloud
Migrazione sul cloud
Sviluppo di applicazioni native per il cloud
Eccellenza operativa in cloud
Sicurezza dei datacenter
Applicazioni SaaS
Internet of Things (IoT)
ICS / OT
Connected Car
Sicurezza del 5G per le aziende
Gestione dei rischi
Ransomware
Cyber Insurance
Sistemi a fine supporto
Conformità
Rilevamento e risposta
Settori
Assistenza sanitaria
Produzione industriale
Petrolio e gas
Azienda di produzione elettrica
La differenza di Trend Micro
Successo del cliente
Alleanze strategiche
Leadership del settore
Ricerca
Informazioni sulla nostra ricerca
Ricerca e analisi
Ricerca, notizie e punti di vista
Rapporti sulla sicurezza
Informazioni sulla sicurezza
Zero Day Initiative (ZDI)
Blog
Cerca per argomento
Vulnerabilità
Previsioni annuali
The Deep Web
Internet of Things (IoT)
Risorse
Centro risorse DevOps
Centro risorse CISO
Che cos'è?
Enciclopedia delle minacce
Valutazione dello stato di salute del cloud
Valutazione del rischio cyber
Guide per le aziende
Glossario dei termini
Navigating New Frontiers: il report annuale sulla cybersecurity 2021 di Trend Micro
Navigating New Frontiers: il report annuale sulla cybersecurity 2021 di Trend Micro

Scopri i problemi di sicurezza più significativi
emersi nel 2021 e come rafforzare le tue difese.

Scarica il report
Servizi
Pacchetti di servizi
Managed XDR
Servizi di supporto
Assistenza per le aziende
Accedi all'assistenza
Supporto tecnico
Aiuto contro virus e minacce
Rinnovi e registrazione
Formazione & Certificazione
Contatta il supporto
Download
Strumenti gratuiti di cleanup
Trova un partner per l'assistenza
Per i prodotti più richiesti
Deep Security
Apex One
Worry-Free
Rinnovi di Worry Free
Partner del canale
Panoramica dei partner del canale
Provider di servizi gestiti
Provider di servizi cloud
Servizi professionali
Rivenditori
Marketplace
Integratori di sistemi
Partner Alliance
Panoramica sull’Alliance
Technology Alliance Partners
I nostri partner Alliance
Strumenti e risorse
Trova un partner
Formazione e certificazioni
Successi del partner
Distributori
Login dei partner
Panoramica
Leadership
Testimonianze dei clienti
Alleanze strategiche
Riconoscimenti di settore
Notizie
Webinar
Eventi
Esperti di sicurezza
Lavora con noi
Cronologia
Corporate Social Responsibility
Diversità, equità e inclusione
Formazione sulla sicurezza su Internet e sulla cybersecurity
Investitori
Privacy e informazioni legali
  • Security Alert su Microsoft Exchange Server: gli Attacchi utilizzano Vulnerabilità Zero-Day

    Come proteggersi
  • Al momento non ci sono nuove notifiche.
  • Motori di scansione
  • Tutti i file pattern
  • Tutti i download
  • Iscriviti al Download Center RSS
  • Trova un partner
  • Online store privati e ufficio
  • Rinnovo online
  • Strumenti gratuiti
  • Contatta un rivenditore
  • Sedi in tutto il mondo
  • +39 02 925931
  • Piccole imprese
  • Acquista online
  • Rinnovo online
  • America
  • Stati Uniti
  • Brasile
  • Canada
  • Messico
  • Medio Oriente e Africa
  • Sudafrica
  • Medio Oriente e Nord Africa
  • Europa
  • België (Belgio)
  • Česká Republika (Repubblica Ceca)
  • Danmark (Danimarca)
  • Germania, Austria, Svizzera
  • España (Spagna)
  • France (Francia)
  • Ireland (Irlanda)
  • Italia
  • Nederland (Paesi Bassi)
  • Norge (Norvegia)
  • Polska (Polonia)
  • Suomi (Finlandia)
  • Svezia
  • Turchia
  • United Kingdom (Regno Unito)
  • Asia e Pacifico
  • Australia
  • Центральная Азия (Asia Centrale)
  • Hong Kong (Inglese)
  • 香港 (中文) (Hong Kong)
  • भारत गणराज्य (India)
  • Indonesia
  • 日本 (Giappone)
  • 대한민국 (Corea del Sud)
  • Malaysia
  • Монголия (Mongolia) e рузия (Georgia)
  • Nuova Zelanda
  • Filippine
  • Singapore
  • 台灣 (Taiwan)
  • ประเทศไทย (Thailand)
  • Việt Nam (Vietnam)
  • La mia assistenza
  • Accedi all'assistenza
  • Partner Portal
  • Soluzioni per privati
  • Il mio Account
  • Portale dispositivi smarriti
  • Trend Micro Vault
  • Password Manager
  • Customer Licensing Portal
  • Monitoraggio dei casi online
  • Assistenza Premium
  • Worry-Free Business Security Services
  • Remote Manager
  • Cloud One
  • Affiliato di riferimento
  • Affiliato di riferimento
  • Cloud
  • Rilevamento e risposta
  • User Protection
  • Contatta il Team Commerciale
  • Sedi
  • Assistenza
  • Trova un partner
  • Scopri i prossimi eventi
  • Social media
  • Facebook
  • Twitter
  • Linkedin
  • Youtube
  • Instagram
  • +39 02 925931
  • Security Alert su Microsoft Exchange Server: gli Attacchi utilizzano Vulnerabilità Zero-Day

    Come proteggersi
  • Al momento non ci sono nuove notifiche.
  • Motori di scansione
  • Tutti i file pattern
  • Tutti i download
  • Iscriviti al Download Center RSS
  • Trova un partner
  • Online store privati e ufficio
  • Rinnovo online
  • Strumenti gratuiti
  • Contatta un rivenditore
  • Sedi in tutto il mondo
  • +39 02 925931
  • Piccole imprese
  • Acquista online
  • Rinnovo online
    • America
    • Stati Uniti
    • Brasile
    • Canada
    • Messico
    • Medio Oriente e Africa
    • Sudafrica
    • Medio Oriente e Nord Africa
    • Europa
    • België (Belgio)
    • Česká Republika (Repubblica Ceca)
    • Danmark (Danimarca)
    • Germania, Austria, Svizzera
    • España (Spagna)
    • France (Francia)
    • Ireland (Irlanda)
    • Italia
    • Nederland (Paesi Bassi)
    • Norge (Norvegia)
    • Polska (Polonia)
    • Suomi (Finlandia)
    • Svezia
    • Turchia
    • United Kingdom (Regno Unito)
    • Asia e Pacifico
    • Australia
    • Центральная Азия (Asia Centrale)
    • Hong Kong (Inglese)
    • 香港 (中文) (Hong Kong)
    • भारत गणराज्य (India)
    • Indonesia
    • 日本 (Giappone)
    • 대한민국 (Corea del Sud)
    • Malaysia
    • Монголия (Mongolia) e рузия (Georgia)
    • Nuova Zelanda
    • Filippine
    • Singapore
    • 台灣 (Taiwan)
    • ประเทศไทย (Thailand)
    • Việt Nam (Vietnam)
  • La mia assistenza
  • Accedi all'assistenza
  • Partner Portal
  • Soluzioni per privati
  • Il mio Account
  • Portale dispositivi smarriti
  • Trend Micro Vault
  • Password Manager
  • Customer Licensing Portal
  • Monitoraggio dei casi online
  • Assistenza Premium
  • Worry-Free Business Security Services
  • Remote Manager
  • Cloud One
  • Affiliato di riferimento
  • Affiliato di riferimento
  • Cloud
  • Rilevamento e risposta
  • User Protection
  • Contatta il Team Commerciale
  • Sedi
  • Assistenza
  • Trova un partner
  • Scopri i prossimi eventi
  • Social media
  • Facebook
  • Twitter
  • Linkedin
  • Youtube
  • Instagram
  • +39 02 925931
    undefined
  • Informazioni sulla sicurezza
  • Internet of Things
  • Inside the Smart Home: IoT Device Threats and Attack Scenarios

Inside the Smart Home: IoT Device Threats and Attack Scenarios

30 luglio 2019
  • Email
  • Facebook
  • Twitter
  • Google+
  • Linkedin

Download IoT Device Security: Locking Out Risks and Threats to Smart Homes Download IoT Device Security: Locking Out Risks and Threats to Smart Homes

By Ziv Chang, Trend Micro Research

A smart home is made up of a number of different devices connected to the internet of things (IoT), each with a specific set of functions. No matter how different these devices are from one another, they have the shared goal of streamlining the tasks and simplifying the lives of their users. Together they paint an enticing image of comfort and convenience. However, just as these devices have revolutionized home living, they have also given rise to new complications for home security.

We detail different smart home attack scenarios and discuss the different attack layers of IoT devices in our paper, "IoT Device Security: Locking Out Risks and Threats to Smart Homes." Here we give an overview of the possible attack scenarios for various smart home devices and suggest security solutions.

Inside a smart home

A smart home gives users extensive access to many aspects of their home, even from a remote location. For example, users can monitor their home in real time through a mobile app or web interface. They can also initiate certain actions remotely, such as communicating with their children using a smart toy or unlocking a smart lock for a trusted friend.

Smart home devices also provide automatic and chained functions that can make day-to-day living more convenient for users. For example, in the morning the smart coffee maker starts brewing before the users need to get up for work. Once the users are in the kitchen, the smart refrigerator alerts them that they are low on supplies, if it has not yet ordered the needed items. As the users go out the door, the smart lock automatically locks behind them. And now that the house is empty, the smart robot vacuum cleaner starts its scheduled cleaning.

This scenario and plenty of others are possible if users have good control and visibility over the deployed devices in their smart homes. But problems arise if this control and visibility, unbeknown to the users, shift to malicious actors.

Compromised devices in a smart home

Existing vulnerabilities, poor configuration, and the use of default passwords are among the factors that can aid a hacker in compromising at least one device in a smart home system. Once a single device is compromised, hackers can take a number of actions based on the capabilities and functions of the device. We illustrate some of them here.

Starting from the front door, there can be a smart lock. If compromised, the smart lock can give hackers control over who comes in or out of the house. The most obvious action available for hackers, then, would be to let intruders or accomplices in to the house, and another would be to lock out the actual residents.

Inside the living room, several other devices can be set up. One of these can be a smart speaker, which serves as the conduit for voice-initiated home automation commands. If compromised, a voice-activated device such as a smart speaker can allow hackers to issue voice commands of their own.

In the kitchen, devices like a smart refrigerator and a smart coffee maker can cause major issues if successfully hacked. Hackers can set up a smart refrigerator to register wrong expiration dates or order an immense amount of groceries online. And even a smart coffee maker can cause great inconvenience if commanded by hackers to brew coffee incessantly.

Smart devices can now also be found even in the bathroom, most commonly in the form of smart toilets. A smart toilet has different features, such as sensing the right amount of water for flushing waste, that can be very helpful for users. But hackers can use some of its features to make the device act up, by making the toilet flush repeatedly or let water flow continuously from the bidet.

Hover overTap warning sign for more info.

Specific members of the household can also be targeted depending on the device being compromised. In the case of children, compromised smart toys pose a particular risk. Hackers can, for example, communicate with the child directly or quietly record the child’s activities using the toy. Vulnerable smart toys illustrate how even items that are safe enough for child use can still cause harm if compromised.

Smart bulbs can be installed all around the house, from the basement to the attic. They can be turned on or off depending on the time of day or amount of movement or ambient light detected. But hackers can use these seemingly simple devices to disturb residents, by switching them on at inconvenient times, among other actions.

Devices like smart robot vacuum cleaners, which have some mobility around the house, can provide hackers information about the home’s layout. This information can be used by the hackers in planning further activities and movements.

The point where smart devices are connected can also prove useful for hackers. Hackers can use the home gateway to redirect or modify connections to their advantage. This demonstrates that anything connected to the smart home network can be as useful to a resourceful hacker as it is to the actual owner.

Outside a smart home

Although our discussion of compromise and its consequences has centered on smart homes, the same problems can exist anywhere vulnerable or misconfigured devices are deployed. The consequences of a successful attack on a particular IoT system depend on the kind of environment the system is used for.

Many, if not all, of the devices mentioned above can easily be seen in an enterprise setting. An office pantry or break room, for example, can contain a smart refrigerator and a smart coffee maker. And smart bulbs certainly will not be out of place in an enterprise, especially as they can help the business conserve energy if deployed on a large scale.

Portable and wearable smart devices add another layer of complexity to IoT security concerns, as these devices traverse both enterprise and home environments, and have even given rise to updates on many companies’ “bring your own device” (BYOD) policies. These devices, such as smartwatches and smart yoga mats, are typically brought by users to the office, and then brought back home at the end of the work day. A malware infection picked up in one environment, for example, can spread to the other if the BYOD policies in place are weak or if adequate security measures are not taken to prevent such a threat.

Securing smart devices

More than showing what hackers can do with smart devices, these scenarios show how deeply the IoT has become integrated in people’s lives. This is apparent in how there is an applicable IoT device for every part of a home, from the living room and the kitchen to the bathroom and the attic. This deep involvement in people’s lives is what makes IoT attacks both viable for hackers and impactful for users. Arguably, nowhere have cyberthreats been more potentially invasive and personal than in smart homes.

It is all the more reason, then, for users to secure the IoT devices in their smart homes. Here are some security measures that users can take to protect and defend their smart homes against attacks on IoT devices:

  • Map all connected devices. All devices connected to the network, whether at home or at the enterprise level, should be well accounted for. Their settings, credentials, firmware versions, and recent patches should be noted. This step can help assess which security measures the users should take and pinpoint which devices may have to be replaced or updated.
  • Change default passwords and settings. Make sure that the settings used by each device are aligned toward stronger security, and change the settings if this is not the case. Change default and weak passwords to avoid attacks like brute force and unwanted access.
  • Patch vulnerabilities. Patching may be a challenging task, especially for enterprises. But it is integral to apply patches as soon as they are released. For some users, patches may disrupt their regular processes, for which virtual patching could be an option.
  • Apply network segmentation. Use network segmentation to prevent the spread of attacks, and isolate possibly problematic devices that cannot be immediately taken offline.

Read our paper, “IoT Device Security: Locking Out Risks and Threats to Smart Homes,” for more on this topic, including descriptions of other attack scenarios, a discussion of the different attack layers of an IoT device, and further security steps users can follow to keep their smart homes safe.


HIDE

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.

Pubblicato in Internet of Things, Research, Vulnerabilities, Exploits, Device Management

Storie correlate

  • Rethinking Tactics: Annual Cybersecurity Roundup 2022
  • Future/Tense: Previsioni Trend Micro sulla sicurezza per il 2023
  • Trend Micro Security Predictions for 2023: Future/Tense
  • Industria 4.0: alla scoperta dei punti deboli delle macchine a controllo numerico
  • Leaked Today, Exploited for Life: How Social Media Biometric Patterns Affect Your Future

Ultime notizie

  • A Growing Goldmine: Your LinkedIn Data Abused for Cybercrime
  • IPFS: A New Data Frontier or a New Cybercriminal Hideout?
  • Zero Trust Security: A Practical Guide for Cloud-Native Environments
  • Ransomware Spotlight: Royal
  • Rethinking Tactics: Annual Cybersecurity Roundup 2022

Storie in primo piano

  • Internet of Things
  • Virtualization & Cloud
  • Ransomware
  • Securing Home Routers
  • Uncovering Security Weak Spots in Industry 4.0 CNC Machines
    • Leaked Today, Exploited for Life: How Social Media Biometric Patterns Affect Your Future
    • 5G and Aviation: A Look Into Security and Technology Upgrades Working in Tandem
  • Analyzing the Risks of Using Environment Variables for Serverless Management
    • An Analysis of Azure Managed Identities Within Serverless Environments
    • Using Custom Containers in Serverless Environments for Better Security
  • Ransomware Spotlight: Royal
    • Rethinking Tactics: Annual Cybersecurity Roundup 2022
    • Understanding Ransomware Using Data Science
  • Alexa and Google Home Devices can be Abused to Phish and Eavesdrop on Users, Research Finds
    • Mirai Variant Spotted Using Multiple Exploits, Targets Various Routers
    • A Look Into the Most Noteworthy Home Network Security Threats of 2017

Trend Micro Security Predictions for 2023: Future/Tense

Trend Micro Security Predictions for 2023: Future/Tense

Enterprises and organizations are facing a period of transition and uncertainty – malicious actors will hunker down and reuse tried-and-tested tools and techniques.
View the 2023 Trend Micro Security Predictions

Annual Cybersecurity Roundup 2022

Rethinking Tactics: Annual Cybersecurity Roundup 2022

Our annual cybersecurity report sheds light on the major security concerns that surfaced and prevailed in 2022.
View the report

  • Contatta un rivenditore
  • Sedi
  • Lavora con noi
  • Notizie
  • Trust Center
  • Privacy
  • Assistenza
  • Mappa del sito
  • linkedin
  • twitter
  • facebook
  • youtube
  • instagram
  • rss
Copyright © 2022 Trend Micro Incorporated. Tutti i diritti riservati.