Kaspersky Lab experts have found that a variety of seemingly safe products that are connected to the Internet can pose serious security vulnerabilities to a home owner.
Taking a random selection of the latest Internet-of-Things (IoT) products, Kaspersky Lab researchers have discovered serious threats to the connected home. These include a coffeemaker that exposes the homeowner’s Wi-Fi password, a baby video monitor that can be controlled by a malicious third-party, and a smartphone-controlled home security system that can be fooled with a magnet.
In 2014, Kaspersky Lab’s security expert David Jacoby looked around his living-room, and decided to investigate how susceptible the devices he owned were to a cyber-attack. He discovered that almost all of them were vulnerable. Following this, in 2015 a team of Kaspersky Lab antimalware experts repeated the experiment with one little difference: while David’s research was concentrated mostly on network-attached servers, routers and Smart TVs, this latest research was focused on the various connected devices available on the smart home market.
The devices selected for the experiment were as follows: a USB-dongle for video streaming, a smartphone-controlled IP camera, a smartphone-controlled coffee maker, and a smartphone-controlled home security system. The investigation discovered that almost all of these devices contained vulnerabilities.
A baby-monitor camera in the experiment allowed a hacker, whilst using the same network as the camera owner, to connect to the camera, watch the video from it and launch audio on the camera itself. Other cameras from the same vendor allowed hackers to collect owner passwords and the experiment showed it was also possible for a hacker on the same network to retrieve the root password from the camera and maliciously modify the camera’s firmware.
When it comes to app-controlled coffeemakers, it’s not even necessary for an attacker to be on the same network as the victim. The coffeemaker examined during the experiment was sending enough unencrypted information for an attacker to discover the password for the coffeemaker owner’s entire Wi-Fi network.
When looking at a smartphone-controlled home security system, Kaspersky Lab researchers found that the system’s software had just minor issues and was secure enough to resist a cyberattack. Instead, the vulnerability was found in one of the sensors used by the system.
The contact sensor, which is designed to set off the alarm when a door or a window is opened, works by detecting a magnetic field emitted by a magnet mounted on the door or window. When the door or window is opened the magnetic field disappears, causing the sensor to send alarm messages to the system. However, if the magnetic field remains in place, no alarm will be sent.
During the home security system experiment, Kaspersky Lab experts were able to use a simple magnet to replace the magnetic field of the magnet on the window. This meant they could open and close a window without setting off the alarm. The big problem with this vulnerability is that it is impossible to fix it with a software update; the issue is in the design of the home security system itself. What’s more concerning is that magnetic field sensor-based devices are a common type of sensors, used by a multiple home security systems on the market.
“Our experiment, reassuringly, has shown that vendors are considering cyber-security as they develop their IoT devices. Nevertheless, any connected, app-controlled device, is almost certain to have at least one security issue. Criminals might exploit several of these issues at once, which is why it is so important for vendors to fix all issues – even those that are not critical. These vulnerabilities should be fixed before the product even hits the market, as it can be much harder to fix a problem when a device has already been sold to thousands of homeowners”, said Victor Alyushin, Security Researcher at Kaspersky Lab.
In order to help users protect their lives and loved ones from the risks of vulnerable smart home IoT devices, Kaspersky Lab experts advise them to follow several simple rules:
1. Before buying any IoT device, search the Internet for news of any vulnerabilities within that device. The IoT is a very hot topic and a lot of researchers are doing a great job of finding security issues in products of this kind: from baby monitors to app controlled rifles. It is very possible that the device you are going to purchase has been already examined by security researchers and it is possible to find out whether the issues found in the device have been patched.
2. It is not always a great idea to buy the most recent products released on the market. Along with the standard bugs you get in new products, recently-launched devices might contain security issues that haven’t yet been discovered by security researchers. The best advice here is buy products that have already experienced several software updates.
3. When choosing what part of your life you’re going to make a little bit smarter, consider the security risks. If your home is the place where you store many items of material value, it is probably a good idea to choose a professional alarm system, that can replace or complement your existing app-controlled home alarm system; or set-up the existing system in such a way that any potential vulnerabilities would not affect its operation. When choosing a device that will collect information about your personal life and the lives of your family, like a baby monitor, it may be wise to choose the simplest RF-model on the market, one that is only capable of transmitting an audio signal, without Internet connectivity. If that is not an option, than follow our first advice – choose wisely.
Android Go puts reliable smartphones in budget pockets
Nokia, Vodacom and Huawei have all launched entry-level smartphones running the Android Go edition, and all deliver a smooth experience, writes BRYAN TURNER.
Three new and notable Android Go smartphones have recently hit the market, namely the Nokia 1, the Vodafone Smart Kicka 4 and the Huawei Y3 (2018). These phones run one of the most basic versions of Android while still delivering a fairly smooth user experience.
Historically, consumers purchasing smartphones in the budget bracket would have a hit-and-miss experience with processing speed, smoothness of user interface, and app stability. The Google-supported Android Go edition operating system optimises the user experience by stripping out non-important visual effects to speed up the phone. Thish allows for more memory to be used by apps.
Google also ensures that all smartphones running Android Go will receive feature and security updates as they are released by Google. This is a major selling point for these smartphones, as users of this smartphone will always be running the latest software, with virtually no manufacturer bloatware.
Vodafone Smart Kicka 4
At the lowest entry-level, the Vodafone Smart Kicka 4 performs well as a communicator for emails and WhatsApp messages. The 4” screen represents a step up for entry-level Android phones, which were previously standardised at 3.5”.
The display is bright and very responsive, while the limited screen real estate leaves the navigation keys off the screen as touch buttons. It uses 3G connectivity, which might seem like an outdated technology, but is good enough to stream SD videos and music. Vodacom has also thrown in some data gifts if the smartphone is activated before the end of September 2018.
Its camera functionalities might be a slight let down for the aspirant Instagrammer, with a 2MP rear flash camera and a 0.3MP selfie snapper. Speed wise, the keyboard pops up quickly, which is a huge improvement from the Smart Kicka 3. However, this phone will not play well with graphics-intensive games.
Next up is the Nokia 1, which adds a much better 5MP camera, improved battery life and a bigger 4.5” screen. It supports LTE, which allows this smartphone to download and upload at the speed of flagships. It also sports the Nokia brand name, which many consumers trust.
Although the front camera is 2MP, the quality is extremely grainy, even with good lighting. This disqualifies this smartphone for the social media selfie snapper, but the 5MP rear camera will work for the landscape and portrait photographer.
The screen also redeems this smartphone, providing a display which represents colours truly and has great viewing angles. Xpress-on back covers allows the use of interchangeable, multi-coloured back covers, which has proven to be a successful sales point for mid-range smartphones in the past.
Huawei Y3 (2018)
The most capable of the Android Go edition competitors, the Huawei Y3 (2018) packs an even bigger screen at 5”, as well as an improved 8MP rear camera and HD video recording. The screen is the brightest and most vibrant of the three smartphones, but seems to be calibrated to show colours a little more saturated than they actually are.
Nevertheless, the camera outperforms the other smartphones with good colour replication and great selfie capabilities via the 2MP front camera – far superior to the Nokia 1 despite the same spec. LTE also comes standard with this smartphone and Vodacom throws in 4G/LTE data goodies until the end of September 2018. The battery, however, is not removable and may only be replaced by a warranty technician.
Comparing the 3
All three smartphones have removable back covers, which provide access to the battery, SIM card and SD card slots. The smartphones have Micro USB ports on the bottom with headphone jacks on the top. The built-in speakers all performed well, with the Y3 (2018) housing an exceptionally loud built-in speaker.
Although all at different price points, all three phones remain similar in performance and speed. The differentiators are apparent in the components, like camera quality and screen quality. It would be fair to rank the quality of the camera and battery life by respective market prices. The Vodafone Smart Kicka 4 performed well, for its R399 retail price. The Nokia 1, on the other hand, lags quite a bit in features when compared to the Huawei Y3 (2018), bwith oth retailing at R999.
SA gets digital archive
As the world entered the centenary of Nelson Mandela’s birth on Mandela Day, 18 July 2018, South Africa celebrated the launch of a digital living archive.
The southafrica.co.za site carries content about the country’s collective heritage in South Africa’s eleven official languages.
Designed as a nation building, educational and brand promotion web based tool, the free-to-view platform features award-winning photographic and written content by leading South African photographers, authors, academics and photojournalists.
The emphasis is on quality, credible, factual content that celebrates a collective heritage in terms of the following: Cultural Heritage; Natural Heritage; Education; History; Agriculture; Industry; Mining; and Travel.
At the same time as reflecting on the nation’s history, southafrica.co.za celebrates South Africa’s natural, cultural and economic assets so that the youth can learn about their nation in their home language.
Southafrica.co.za Founder and CEO Hans Gerrizen conceptualised southafrica.co.za as a means for youth and communities from outlying areas to benefit from the digital age in terms of the web tool’s empowering educational component.
“We can only stand to deepen our collective experience of democracy and become a more forward planning nation if we know facts about our nation’s past and present in everyone’s home language,” he says.
Southafrica.co.za, with sister company Siyabona Africa, is the organiser and sponsor of the Mandela: 100 Moments photographic exhibition that runs until 30 September at Cape Town’s V&A Waterfront-based Nelson Mandela Gateway to Robben Island. The 3-month exhibition, which runs daily from 08h00 until 15h00, is showcasing one hundred iconic Nelson Mandela images taken by veteran South African photojournalist and self-taught lensman Peter Magubane.