/millions_of_iot_devices_vulnerable_to_hacking.jpg)
Consumers purchase smart doorbells, baby monitors, and security cameras as a way to feel safer in their homes and neighborhoods. But recently, millions of IoT devices, across multiple brands, have been found to be vulnerable to hacking.
In this article, we'll take a look at what one security engineer found, which devices are at risk, and what course of action users can take.
Peer-to-peer (P2P) technology is a common feature in IoT devices that allows access without the user having to set everything up manually. The device will make use of a special serial number that enables it to easily be connected to a person’s phone or computer.
iLinkP2P is a P2P software developed by Shenzhen Yunni Technology Company, Inc., and can be found in devices all around the world, including:
iLinkP2P was recently found to have critical security pitfalls that could allow hackers to access devices in order to eavesdrop, steal credentials, or even take over the device remotely.
Paul Marrapese, a security engineer was the one who discovered the security flaws. In a recent article, he states, “Over 2 million vulnerable devices have been identified on the internet, including those distributed by HiChip, TENVIS, SV3C, VStarcam, Wanscam, NEO Coolcam, Sricam, Eye Sight and HVCAM.”
Luckily, there is a way to tell if a device is susceptible. Users can check the UID serial number, typically located on the device label. The prefix used in the UID is what gives it away.
/millions_of_iot_devices_vulnerable_to_hacking(1).png?width=800&name=millions_of_iot_devices_vulnerable_to_hacking(1).png)
Image Credit: Paul Marrapese
Devices that use prefixes FFFF, GGGG, HHHH, IIII, MMMM, and ZZZ account for almost half of the affected devices.
Other prefixes that are known to be vulnerable include the following:
/millions_of_iot_devices_vulnerable_to_hacking(2).png?width=800&name=millions_of_iot_devices_vulnerable_to_hacking(2).png)
Despite trying to contact iLinkP2P developers multiple times since January about the security issues, Marrapese never received a response. So, the main solution for users who own an affected device is, unfortunately, to simply buy a new device.
“Ideally, buy a new device from a reputable vendor,” Marrapese suggests. “Research suggests that a fix from vendors is unlikely, and these devices are often riddled with other security problems that put their owners at risk.”
Sadly, this is not the first instance of vulnerabilities seen by IoT connected security cameras. We’ve reported on multiple Nest breaches that left users feeling less secure than ever. Considering how sensitive in nature the data that security cameras capture is, it’s imperative that both dealers and consumers are aware of any risks posed by their device software. In addition, users should take steps to ensure that they are as protected as possible.
Doing simple things like setting up two-step verification and keeping software up to date are great ways to keep hackers at bay.
“Most IoT devices are being compromised by exploiting rudimentary vulnerabilities, such as easily guessable passwords and insecure default settings,” says Raj Samani, a chief scientist at McAfee, a security software company.
