Security researcher Martin Hron remarks that “firmware is a new software,” and that software can be exploited. Typically, smart IoT devices have onboard firmware that is used with an API, and users expect that not too much harm can come from either. This is not the case. As Hron states, “We used to trust that hardware, such as a common kitchen appliance, could be trusted and could not be easily altered without physically dismounting the device. But with today’s ‘smart’ appliances, this is no longer the case.”
A map from WiGLE shows nearly 570 smart coffee makers from the brand Hron tested that are not using smart features. As it turns out, owners not using the smart features “have unintentionally made it easier to hack their devices.” This is only a small subset of smart IoT devices, though. There are likely many more insecure “smart” devices besides coffee makers (fridges, TVs, and more). There could be millions of devices with similar vulnerabilities, and tracking every single one would be incredibly daunting.
As devices come and go, vulnerabilities and exploits will remain. If a company stops supporting a perfectly fine smart device and an exploit is then found for it, what would you do? Would the device have to be discarded in favor of safety, or would you disconnect the smart features and lose what you paid for? Also, while Hron did some harmless things, IoT devices could be used for DDoS attacks, ransomware attacks, or whatever a hacker can dream of. When considering new smart devices, buyers should weigh the company they are buying from and its track record for support, because we are beginning to live in a hacker’s paradise.
(Images courtesy of Martin Hron)