Last year internet security companies made forecasts about possible cyber-threats to really worry about this year. This we followed with measures that companies and individuals needed to take to ensure a cyber-safe 2018. Paramount among these was the need for proactive use of protective software tools as well as sensitisation and training of users about these threats.
True to predictions, 2018 started with a scenario hardly anyone could have foreseen. Two serious design vulnerabilities in Computer Central Processing Units (CPUs) were exposed that could enable cyber-criminals to steal sensitive or private information such as passwords, documents and photos among other data from unsecured devices.
The “Meltdown and Spectre” CPU vulnerabilities point to a much larger underlying issue. Software bugs and hardware bugs are more common than not, but these once identified can be fixed fairly easily with either a software patch or firmware update for hardware issues.
However, as it turns out this is not possible with these two vulnerabilities as they are caused by a design flaw in the hardware architecture, only fixable by replacing the actual hardware. And that is where the problems begin.
CPUs of affected manufacturers such as AMD, ARM, Intel, among others appear in a lot of Internet of Things (IoT) devices and which are scattered all over the globe.
According to ARM, they are already “securing” a trillion (1,000,000,000,000) devices. Granted, not all ARM CPUs are affected, but if even 0.1 per cent of them are, it still means a billion (1,000,000,000) affected devices.
Due to the huge costs involved, it is not feasible to replace all these faulty CPUs. In reality people will keep their existing devices until end of their life cycles, for years even.
Deployed for countless and diverse applications in the households or offices, once operational many owners have most likely forgotten that they have them and which inherently leaves a giant gap for cybercriminals to exploit.
Any Wi-Fi-controlled device such as refrigerator, digital picture frames, Smart TVs, DVRs and PVRs etc., potentially provides opportunity for sensitive data to be lost. For example, a compromised Wi-Fi password for any of these can make it possible for anyone to hack your home or office network thus giving automatic access to any other connected platform such as emails, social media pages and even shared cloud or archive platforms.
Even though to get access to your IoT device, a would be attacker needs to have compromised the internet network already, or even the applications running on the device, we know that cyber-criminals just like a pack of wolves will not relent after smelling blood.
As a warning, when you are buying a new IoT device, ensure to check which CPU it is running on, and if that CPU is affected by these vulnerabilities.
IoT is a phrase used often in the cyber security space, but what does it really mean? IoT stands for Internet of Things and to put it simply, refers to any device that can be connected to the internet. This is no longer just computers or cellphones but also refers to Smart TV’s and fridges, coffee machines, headphones, speakers, wearable tech, cars and soon enough, pretty much anything.
A more formal definition of IoT given by TechTarget
The Internet of Things (IoT) is a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.
With all of these connections, IoT provides endless opportunities but also poses dangers.
These dangers include:
- Your devices being used to spy on you using capabilities such as cameras or voice recording software
- Devices being hacked to obtain personal information or to take over functionality of the device
- In addition to this, having multiple devices connected to the internet opens further opportunities for these devices to bypass firewalls and access other devices on your network.
To help protect your IoT devices, your home network, and even your favorite shopping or social website—ESET has enhanced the Connected Home Monitor feature within its recently released home products, available to try or upgrade to for free.
How the ESET connected home monitor addresses these dangers
The ESET connected home monitor includes IoT vulnerability detection, a router-connected smart devices test, and a catalog list of connected devices on your network.
The enhanced feature is continuously updated to detect and alert you to new devices connected to your network, as well as the latest vulnerabilities affecting your devices. If a vulnerability is found in a device, ESET will report the cause and possible steps you can make to fix it, such as changing default configurations or updating the device’s firmware from the manufacturer.
Start protecting your home today with ESET’s home security products – click here.