Sophos wrapped up all the important results of its IoT-Security long term study „Haunted House“ in a whitepaper. The most important conclusion: no hacker did overtake one of the implemented IoT devices, but the number of attacks increased every single day
Oosterhout, 27 November 2017 – Devices of the future will be smart and already are: they communicate via internet with the whole world and are designed to not only entertain us but make our daily life easier. However, while most of the users are already aware of IT security for their Computer or mobile devices, this awareness isn‘t very pronounced for Smart Home components and forgot that IoT devices mostly are nothing else then little PCs in the own network.
The „Haunted House“ – Simulation of a Smart Home
Up to now valid data about external accesses to IoT devices is rare. For this reason Sophos cooperated with Koramis to create a Smart Home infrastructure that was placed in the internet as honey pot. The house represents a typical private household with 13 IoT devices and technologies from various vendors, that are in a network and connected to the internet – a set-up that can be found in more and more modern households.
Three test phases
Within two of the three test phases the techniques and number of access tries to the implemented components were tracked. The first phase took place for six weeks with individual and secure passwords. The second phase with the same set-up run for three weeks. The difference: standard settings for the devices were used – just as it is very likely in private households with IoT devices in use. To get these results into a bigger context, a third research phase realized active internet scans for typical and open IoT components with the help of special search engines like SHODAN and Censys. The results of these scans are getting visualized by so called heat maps.
The results: not really surprising but alarming
The access tries were higher than expected and were very high. From nearly every country worldwide at least one try to connect to one of the IoT devices in the Haunted house was monitored. While working with secure passwords 1.500 acces tries daily were listed, even 3.800 with the default settings. Looking at the various countries, China, USA and Mexico are at the top three of the countries the access tries came from. A detailed description of the of the Haunted house study including results can be found here.
Sophos Benelux
Leave a Reply