If you’re planning to trick out your home with connected devices so you can do things like unlock doors remotely and check in on the kids from your office with a webcam, you’ll want to double-check that all your gadgets are properly secured.
Ars Technica found that Shodan, a search engine for Internet of Things (IoT) devices, now has a section that lets you view feeds from vulnerable webcams with just a few clicks.
It’s creepy that with no technical knowledge or even a paid Shodan account, you can snoop on people’s homes, residential neighborhoods and other spaces. But what’s scarier still is that we may possibly be heading towards a future where poorly secured devices run our lives.
Security researcher Dan Tentler told Ars Technica that webcam manufacturers are racing to deliver gadgets at lower prices than before, and cutting corners on features that customers don’t care about — such as security.
In addition to allowing attackers to gain control of individual devices, poor security also lets them use a network of gadgets as an attack vector, letting them do things like launch a distributed denial of service (DDoS) attack.
There are measures that can be implemented to arrest the flow of insecure devices into the market, such as the introduction of regulations by government agencies like the US’ Federal Trade Commission (FTC).
The FTC said it has previously cracked down on companies that did not reasonably secure their networks, products, or services. It has already prosecuted some IoT manufacturers and issued a security best practices guide for them so they can develop products that are safe to use.
The agency adds that it has asked Congress for federal legislation that would give it the authority to seek civil penalties for companies that don’t implement reasonable security.[related-posts]
Another measure involves private and government-run consumer reporting bodies that could vet products for safety and security standards, and rate them on a five-star scale to help people choose the best products for their needs.
Under the banner I Am The Cavalry, a group of researchers is developing a simple rating system for consumer IoT devices based on criteria like whether products use weak passwords out of the box and how difficult their onboard memory media is to remove or tamper with.
Ultimately, consumers need to understand the consequences of poorly-secured devices and services and demand better built-in security. There are many firms out there that take customers’ trust for granted, and it’s time we put a stop to that for our own safety.