Resource Center

Millions of IoT Devices Vulnerable to Hacking

Mandee Thomas
May 7, 2019 8:04:00 AM

Consumers purchase smart doorbells, baby monitors, and security cameras as a way to feel safer in their homes and neighborhoods. But recently, millions of IoT devices, across multiple brands, have been found to be vulnerable to hacking.

In this article, we'll take a look at what one security engineer found, which devices are at risk, and what course of action users can take.

The Situation at Hand

Peer-to-peer (P2P) technology is a common feature in IoT devices that allows access without the user having to set everything up manually. The device will make use of a special serial number that enables it to easily be connected to a person’s phone or computer.

iLinkP2P is a P2P software developed by Shenzhen Yunni Technology Company, Inc., and can be found in devices all around the world, including:

  • Security cameras
  • Smart doorbells
  • Video recorders
  • Baby monitors

iLinkP2P was recently found to have critical security pitfalls that could allow hackers to access devices in order to eavesdrop, steal credentials, or even take over the device remotely.

Paul Marrapese, a security engineer was the one who discovered the security flaws. In a recent article, he states, “Over 2 million vulnerable devices have been identified on the internet, including those distributed by HiChip, TENVIS, SV3C, VStarcam, Wanscam, NEO Coolcam, Sricam, Eye Sight and HVCAM.”

How can You Know if a Device is Affected?

Luckily, there is a way to tell if a device is susceptible. Users can check the UID serial number, typically located on the device label. The prefix used in the UID is what gives it away.

security camera, UID, serial number
Image Credit: Paul Marrapese

Devices that use prefixes FFFF, GGGG, HHHH, IIII, MMMM, and ZZZ account for almost half of the affected devices.

Other prefixes that are known to be vulnerable include the following:

IoT  Devices Susceptible to hacking, Internet of Things, prefix codes

What Should Affected Device Users do?

Despite trying to contact iLinkP2P developers multiple times since January about the security issues, Marrapese never received a response. So, the main solution for users who own an affected device is, unfortunately, to simply buy a new device.

“Ideally, buy a new device from a reputable vendor,” Marrapese suggests. “Research suggests that a fix from vendors is unlikely, and these devices are often riddled with other security problems that put their owners at risk.”

Sadly, this is not the first instance of vulnerabilities seen by IoT connected security cameras. We’ve reported on multiple Nest breaches that left users feeling less secure than ever. Considering how sensitive in nature the data that security cameras capture is, it’s imperative that both dealers and consumers are aware of any risks posed by their device software. In addition, users should take steps to ensure that they are as protected as possible.

Doing simple things like setting up two-step verification and keeping software up to date are great ways to keep hackers at bay.

“Most IoT devices are being compromised by exploiting rudimentary vulnerabilities, such as easily guessable passwords and insecure default settings,” says Raj Samani, a chief scientist at McAfee, a security software company.

Take advantage of our robust library of industry and AG related news, articles, webinars and other resources available through our resource center to enhance your success.  You will also discover valuable insights and content you can share with your subscribers through your website, newsletters, and emails.

Receive more useful content like this by signing up for our weekly AG Newsletter below: