[ad_1]
Ken Munro exposed piracy to the BBC in a recent episode of Click
BBC Click revealed that thousands of spas can be hacked and remotely controlled due to a hole in their online security system.
The researchers showed the TV show how an attacker could make the tanks warmer or cooler, or control the pumps and lights via a laptop or smartphone.
Vulnerable bins are designed to allow their owners to control them with an application.
But third-party Wi-Fi databases mean that hackers can access specific bins using their GPS location data.
Balboa Water Group (BWG), which manages the system, has committed to a more robust security system for homeowners and has announced that the problem will be solved by the end of February.
Christmas alert
Pen Test Partners – the UK security firm that led the research – warned that spas were not the only household items under threat.
Founder Ken Munro said many of the Christmas gifts people would receive this year would connect to the Internet and offer remote control via apps.
"Manufacturers are still not taking safety seriously enough and, until they do, consumers need to be very vigilant," he said.
"We recommend users to immediately reset all device default pbadwords with a unique one."
"Almost no security"
In the case of spas, researchers have discovered that information found on public resources, called "surveillance databases", could be used to divert the equipment without resorting to another type of authentication.
Public databases contain enough details to perform the hacking (this image has been modified to remove some information)
BWG told the BBC that she had been "surprised" to learn about this flaw, as its application had been available for five years, during which time users had reported no problem.
He indicated that he was working with over 1,000 owners in the UK and in other countries around the world to set up a system of user names and individual pbadwords allowing for secure online controls.
He said he had previously chosen not to do so because he wanted to "allow simple and easy use and activation" by the owners.
Munro said it was "irresponsible".
"It keeps consumers away from consumers and their right to privacy and security," he said.
The researcher acknowledged that it was not the most serious vulnerability in the world related to the Internet of Things, but said it was still worth it to be brought to the public attention.
"The fans are only turned on when there is someone in the bathtub, so a hacker can determine if you're in the bathtub at that time, which is scary," he said. -he explains.
"The security of the IoT consumer is not in a good place.These findings underscore that."
Source link
