How the Internet of Things is Used by Spies, Hackers & Everyone Else

Susanne Posel (OC) : When it comes to honesty, it might not get any better than this. James Clapper, director of National Intelligence, recently told the Senate: “In the future, intelligence services might use the [Internet of things] for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.”

Internet of Things_Surveillance_SP_OC_2016

Internet of Things

Motion, orientation, and magnetic fields can be monitored by sensors in smartphones and fitness trackers. The data can be transferred over the internet.

Gus Hun, chief technology officer for the Central Intelligence Agency (CIA), explained the attraction of the ever expanding internet of things back in 2013: “You’re already a walking sensor platform… As you walk around – and remember, I told you mobile is not secure – you are aware of the fact that somebody can know where you are at all times because you carry a mobile device. Even if that mobile device is turned off. You know this I hope. Yes? No? Well you should… You guys know the Fitbit, right?… We like these things… just simply by looking at the data what they can find out is with pretty good accuracy what your gender is, whether you’re tall or you’re short, whether you’re heavy or light, but what’s really most intriguing is that you can be 100% guaranteed to be identified by simply your gait – how you walk.”

The Federal Bureau of Investigations (FBI) spoke in 2015 about how the internet of things would “open its users up to attack by criminals, including eavesdropping, the theft of personal information, and the gaining of access to victim’s home networks.”

In 2012, it was revealed that the Samsung Smart TV has a vulnerability to hackers gaining access to the webcam. This device can be remotely activated and used as surveillance apparatus on unsuspecting customers.

In fact, the way the television’s applications can be utilized for unintended use residing in the design. Account information such as PayPal, banking and credit card information could be syphoned with the takeover of the television.

Simply put: “The TV to be turned into a literal spy in the living room that is most disturbing, however…by cracking into the browser, the pair was able to seize control of the webcam Samsung integrates into select smart TV models, activating it with no visible indication on the set itself that they are being watched.”

Security researchers from SEC Partners uncovered the compromise: “The exploit works by inserting malicious JavaScript code into text boxes in apps, like a Skype chat window or Facebook comments, the more dynamic a website is, the more opportunities there are for inserting code,” and the core problem was “not with the apps but with the way they were designed for Samsung’s Smart TV.”

Three years ago, researchers at Johns Hopkins University (JHU) discovered security vulnerabilities within the Apple iSight system in the MacBook laptop and iMac desktop units that allow an third party to disable the webcam indicator LED.

The researchers wrote: “In the past few years, the ever-expanding set of sensors present in commodity laptops and smartphones has prompted the security and privacy community to begin searching ways to detect and limit the undesired use of sensors,” the “iSeeYou. At the same time, researchers have demonstrated attacks exploiting the presence of sensors.”

Shockingly, their technique also worked on 1Mac G5 and Intel-based iMacs; as well as 2008 MacBook Pros.

According to the paper: “Our results in this paper demonstrate that, at least in some cases, people have been correct to worry about malware covertly capturing images and video. We show a vulnerability in the iSight webcam that affects a particular range of Apple computers … that can be exploited to turn on the camera and capture images and video without the indicator illuminating.”

Rapid7 released a report last year concerning baby monitors and their susceptibility to hackers.

These devices are cameras mounted over the baby’s crib and run on filming the child and then sending the video stream to a website or app for the parents to view.

In addition to video, a majority of these baby monitors include noise and motion detectors; as well as alerts to the parents when the baby moves or makes a sound.

Rapid7 found security vulnerabilities such as:

• Hidden and unchangeable passwords listed in the manual or online
• Data streams are not encrypted

One way hackers are able to get into baby monitors is a technique called script-kiddies wherein hackers will secretly install malware to spy on occupants from remote locations through webcams and other monitoring devices.

Susanne Posel, Occupy Corporatism

Source Article from http://nsnbc.me/2016/02/11/how-the-internet-of-things-is-used-by-spies-hackers-everyone-else/

Views: 0

You can leave a response, or trackback from your own site.

Leave a Reply

Powered by WordPress | Designed by: Premium WordPress Themes | Thanks to Themes Gallery, Bromoney and Wordpress Themes