Cyber researchers at Ben-Gurion University of the Negev (BGU) were able to easily co-opt thermostats, doorbells, home security cameras, baby monitors, and other off-the-shelf devices. The researchers disassembled and reverse engineered several commonly used devices and quickly exposed grave security problems. This work is part of the university's ongoing research, which identifies weaknesses of networks and devices in the growing internet of things (IoT) and smart home industries. It is terrifying to see how a pedophile, voyeur, or criminal could easily control these devices, exclaimed Cyber@BGU’s Implementation Security and Side-Channel Attacks Lab head, Dr. Yossi Oren.
Dr. Oren Urges Manufacturers to Stop Using Easy, Hard-coded Passwords
Omer Shwartz, a member of Dr. Oren’s lab, said that it took only 30 minutes to find passwords for the devices used in the research. Moreover, some of the passwords were found by simply searching for the brand on Google. The BGU researchers, who themselves use a few of the devices involved in the research, were able to turn on a camera remotely, turn off a thermostat, and play loud music using a baby monitor in their lab. If hackers could access one camera, they could create a complete network of IoT devices, such as camera models, that can be controlled remotely, continued Shwartz.
The researchers discovered that different brands use the same common passwords for similar products. Furthermore, they found many ways in which hackers could misuse poorly secured devices. By simply recovering passwords stored in devices, they were able to log on to entire Wi-Fi networks and gain network access.