The FBI also publishes a set of recommendations

Sep 12, 2015 01:41 GMT

The FBI has issued a public service announcement (PSA) regarding the state of Internet of Things (IoT) devices and their current abysmal security measures.

In the past two months alone, we saw security researchers take apart smart devices like fridges, baby monitors, sniper rifles, electric skateboards, gas stations, and smart cars, and these incidents have also been noted at the FBI's headquarters.

In a statement which aims to raise awareness and instruct users and enterprises about the dangers of working with IoT-enabled devices, the FBI is preaching caution all the way.

"Deficient security capabilities and difficulties for patching vulnerabilities in these devices, as well as a lack of consumer security awareness, provide cyber actors with opportunities to exploit these devices," says the FBI PSA. "Criminals can use these opportunities to remotely facilitate attacks on other systems, send malicious and spam e-mails, steal personal information, or interfere with physical safety."

The FBI is warning users and enterprises

The FBI is specifically warning against common entry points for this kind of attack, alerting on the usage of default hard-coded passwords, security oversights, and poorly configured devices.

Additionally, the Bureau is sounding an alarm against the exploitation of IoT devices' Universal Plug and Play (UPnP) protocol, a set of functions and operations used to remotely connect and communicate over a network without authentication.

As the FBI describes, attacks of this kind can result in cases where the device is intentionally damaged and rendered useless, cases where the device's malfunction causes physical harm to nearby persons, and situations in which damaged IoT devices cause financial losses.

The FBI's recommendations

The Bureau recommends that businesses and users should first and foremost disable UPnP on their internal network's routers, keep all devices updated to their latest firmware and software versions, change all default passwords, and purchase devices only from known manufacturers.

Additionally, the FBI's security experts recommend that IoT devices should operate on their own protected network, separated from regular user traffic and databases where sensitive information is stored.

Users and businesses should also reevaluate if they are using the device for its native functions alone, or if the IoT capabilities are actually being used, which translates into "stop buying things you don't use!"