Inside the Smart Home: IoT Device Threats and Attack Scenarios

July 30, 2019

By Ziv Chang, Trend Micro Research

A smart home is made up of a number of different devices connected to the internet of things (IoT), each with a specific set of functions. No matter how different these devices are from one another, they have the shared goal of streamlining the tasks and simplifying the lives of their users. Together they paint an enticing image of comfort and convenience. However, just as these devices have revolutionized home living, they have also given rise to new complications for home security.

We detail different smart home attack scenarios and discuss the different attack layers of IoT devices in our paper, "IoT Device Security: Locking Out Risks and Threats to Smart Homes." Here we give an overview of the possible attack scenarios for various smart home devices and suggest security solutions.

Inside a smart home

A smart home gives users extensive access to many aspects of their home, even from a remote location. For example, users can monitor their home in real time through a mobile app or web interface. They can also initiate certain actions remotely, such as communicating with their children using a smart toy or unlocking a smart lock for a trusted friend.

Smart home devices also provide automatic and chained functions that can make day-to-day living more convenient for users. For example, in the morning the smart coffee maker starts brewing before the users need to get up for work. Once the users are in the kitchen, the smart refrigerator alerts them that they are low on supplies, if it has not yet ordered the needed items. As the users go out the door, the smart lock automatically locks behind them. And now that the house is empty, the smart robot vacuum cleaner starts its scheduled cleaning.

This scenario and plenty of others are possible if users have good control and visibility over the deployed devices in their smart homes. But problems arise if this control and visibility, unbeknown to the users, shift to malicious actors.

Compromised devices in a smart home

Existing vulnerabilities, poor configuration, and the use of default passwords are among the factors that can aid a hacker in compromising at least one device in a smart home system. Once a single device is compromised, hackers can take a number of actions based on the capabilities and functions of the device. We illustrate some of them here.

Starting from the front door, there can be a smart lock. If compromised, the smart lock can give hackers control over who comes in or out of the house. The most obvious action available for hackers, then, would be to let intruders or accomplices into the house, and another would be to lock out the actual residents.

Inside the living room, several other devices can be set up. One of these can be a smart speaker, which serves as the conduit for voice-initiated home automation commands. If compromised, a voice-activated device such as a smart speaker can allow hackers to issue voice commands of their own.

In the kitchen, devices like a smart refrigerator and a smart coffee maker can cause major issues if successfully hacked. Hackers can set up a smart refrigerator to register wrong expiration dates or order an immense amount of groceries online. And even a smart coffee maker can cause great inconvenience if commanded by hackers to brew coffee incessantly.

Smart devices can now also be found even in the bathroom, most commonly in the form of smart toilets. A smart toilet has different features, such as sensing the right amount of water for flushing waste, that can be very helpful for users. But hackers can use some of its features to make the device act up, by making the toilet flush repeatedly or let water flow continuously from the bidet.


Specific members of the household can also be targeted depending on the device being compromised. In the case of children, compromised smart toys pose a particular risk. Hackers can, for example, communicate with the child directly or quietly record the child’s activities using the toy. Vulnerable smart toys illustrate how even items that are safe enough for child use can still cause harm if compromised.

Smart bulbs can be installed all around the house, from the basement to the attic. They can be turned on or off depending on the time of day or amount of movement or ambient light detected. But hackers can use these seemingly simple devices to disturb residents, by switching them on at inconvenient times, among other actions.

Devices like smart robot vacuum cleaners, which have some mobility around the house, can provide hackers information about the home’s layout. This information can be used by the hackers in planning further activities and movements.

The point where smart devices are connected can also prove useful for hackers. Hackers can use the home gateway to redirect or modify connections to their advantage. This demonstrates that anything connected to the smart home network can be as useful to a resourceful hacker as it is to the actual owner.

Outside a smart home

Although our discussion of compromise and its consequences has centered on smart homes, the same problems can exist anywhere vulnerable or misconfigured devices are deployed. The consequences of a successful attack on a particular IoT system depend on the kind of environment the system is used for.

Many, if not all, of the devices mentioned above can easily be seen in an enterprise setting. An office pantry or break room, for example, can contain a smart refrigerator and a smart coffee maker. And smart bulbs certainly will not be out of place in an enterprise, especially as they can help the business conserve energy if deployed on a large scale.

Portable and wearable smart devices add another layer of complexity to IoT security concerns, as these devices traverse both enterprise and home environments, and have even given rise to updates on many companies’ “bring your own device” (BYOD) policies. These devices, such as smartwatches and smart yoga mats, are typically brought by users to the office, and then brought back home at the end of the work day. A malware infection picked up in one environment, for example, can spread to the other if the BYOD policies in place are weak or if adequate security measures are not taken to prevent such a threat.

Securing smart devices

More than showing what hackers can do with smart devices, these scenarios show how deeply the IoT has become integrated in people’s lives. This is apparent in how there is an applicable IoT device for every part of a home, from the living room and the kitchen to the bathroom and the attic. This deep involvement in people’s lives is what makes IoT attacks both viable for hackers and impactful for users. Arguably, nowhere have cyberthreats been more potentially invasive and personal than in smart homes.

That is all the more reason for users to secure the IoT devices in their smart homes. Here are some security measures that users can take to protect and defend their smart homes against attacks on IoT devices:

  • Map all connected devices. All devices connected to the network, whether at home or at the enterprise level, should be well accounted for. Their settings, credentials, firmware versions, and recent patches should be noted. This step can help assess which security measures the users should take and pinpoint which devices may have to be replaced or updated.
  • Change default passwords and settings. Make sure that the settings used by each device are aligned toward stronger security, and change the settings if this is not the case. Change default and weak passwords to avoid attacks like brute force and unwanted access.
  • Patch vulnerabilities. Patching may be a challenging task, especially for enterprises, but it is essential to apply patches as soon as they are released. Where a patch would disrupt regular processes, virtual patching could be an option.
  • Apply network segmentation. Use network segmentation to prevent the spread of attacks, and isolate possibly problematic devices that cannot be immediately taken offline.
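
The four measures above can be checked against a device inventory. The following is an added example, not part of the original article or the paper: it audits a constructed inventory for unchanged default passwords, firmware behind the latest known version, and devices sitting outside an isolated IoT segment. The device names, addresses, firmware versions and the `192.168.50.0/24` segment are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# All values below are constructed for illustration.
IOT_SEGMENT = ip_network("192.168.50.0/24")   # assumed isolated IoT VLAN
LATEST_FIRMWARE = {                           # assumed vendor-published versions
    "smart-lock": "2.4.1",
    "smart-speaker": "5.10.0",
    "robot-vacuum": "1.9.3",
}

@dataclass
class Device:
    name: str
    model: str
    ip: str
    firmware: str
    default_password_changed: bool  # record the fact, never the password itself

def parse_version(version):
    """Turn '5.10.0' into (5, 10, 0) so that 5.10.0 compares above 5.9.2."""
    return tuple(int(part) for part in version.split("."))

def audit(device):
    """Return the findings for one inventory entry, in a fixed order."""
    findings = []
    if not device.default_password_changed:
        findings.append("default-password")
    latest = LATEST_FIRMWARE.get(device.model)
    if latest is None:
        # Device is on the network but not mapped: patch level cannot be judged.
        findings.append("unknown-model")
    elif parse_version(device.firmware) < parse_version(latest):
        findings.append("outdated-firmware")
    if ip_address(device.ip) not in IOT_SEGMENT:
        findings.append("not-segmented")
    return findings

def audit_inventory(devices):
    """Map device name to findings, leaving out devices with no findings."""
    report = {}
    for device in devices:
        findings = audit(device)
        if findings:
            report[device.name] = findings
    return report

INVENTORY = [  # constructed sample inventory
    Device("front-door-lock", "smart-lock", "192.168.50.10", "2.4.1", True),
    Device("living-room-speaker", "smart-speaker", "192.168.1.23", "5.9.2", True),
    Device("vacuum", "robot-vacuum", "192.168.50.31", "1.9.3", False),
    Device("kitchen-coffee-maker", "coffee-maker", "192.168.50.40", "1.0.0", True),
]

if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY).items():
        print(f"{name}: {', '.join(findings)}")
```

Comparing firmware as tuples of integers rather than as strings matters here: a plain string comparison would rank `5.9.2` above `5.10.0` and miss the outdated speaker.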

Read our paper, “IoT Device Security: Locking Out Risks and Threats to Smart Homes,” for more on this topic, including descriptions of other attack scenarios, a discussion of the different attack layers of an IoT device, and further security steps users can follow to keep their smart homes safe.



Posted in Internet of Things, Research, Vulnerabilities, Exploits, Device Management
