Out-Law / Your Daily Need-To-Know

Hackers targeting connected devices will take advantage of poor router security, according to firm

10 Dec 2014, 12:52 pm

User apathy about changing default passwords and poor default security levels will make routers a "prime target" for hackers as more devices become connected to the so-called 'internet of things', a security specialist has said.

In an interview with V3, Ondrej Vlcek of security firm Avast said that the increasing use of connected devices created new opportunities for hackers. However, he said that control of the local networks connecting multiple devices were likely to be far more valuable to cyber criminals than the individual devices themselves.

"[Routers are] the easiest device of them all to attack, because they are so vulnerable and riddled with problems," he said.

"Instead of going through the individual devices, there will be more motivation to hijack the network, because the network is really where it is all happening. Hijacking the network is by far more valuable, you can do much more harm by owning the network than you can from trying to hack into individual data. It makes more sense and it is more practical for hackers to focus on hijacking the network," he said.

However, he said that it was unlikely that malware going through connected devices would ever "grow above some anecdotal trivial level".

"In general, the attacker will always be where the money is. If there is a way to make money through hacking into your thermostat then yes. But that doesn't necessarily mean that the hacker will have to install malware on the thermostat," he said.

The internet of things is a term used to loosely describe the increasing interconnection of devices and the associated rise in the creation and flow of data between those machines.

Last month, UK privacy watchdog the Information Commissioner's Office (ICO) issued a "general alert" to users of baby monitors, stand-alone webcams and CCTV systems, urging them to set hard-to-guess passwords and turn off remote access to devices if this was not a facility that they used. The alert came after a Russia-based website claimed to be screening live footage from "thousands" of insecure cameras around the world.

"As the ICO pointed out, smart devices offer great convenience to consumers but that convenience sometimes comes at the expense of an increased risk of data leakage," said technology and privacy law expert Iain Monaghan of Pinsent Masons, the law firm behind Out-Law.com.

"The risk can often be dealt with through basic steps, like using sensible passwords; but that requires manufacturers and retailers to take responsibility for publicising those steps – and consumers to take responsibility for implementing them," he said.