The FBI has issued an alert warning of vulnerabilities in Internet-connected devices.
Referring to the “Internet of Things,” the FBI described a variety of Internet-connected devices that can be hacked. The agency advised consumers that not everything needs to be connected to the Internet, and suggested that they “consider whether” their Internet-connected devices “are ideal for their intended purpose.”
Devices the FBI mentions include closed-circuit security cameras, built-in cameras on baby monitors, fuel pumps, medical devices such as wireless heart monitors or insulin dispensers, smart refrigerators and televisions, office equipment such as printers, devices used to control music and more.
“As more businesses and homeowners use web-connected devices to enhance company efficiency or lifestyle conveniences, their connection to the Internet also increases the target space for malicious cyberactors. Similar to other computing devices, like computers or Smartphones, [Internet of Things] devices also pose security risks to consumers,” the alert states.
The FBI said hackers will access devices whose default passwords have not been changed by their owner. Others, they say, “broadcast their location to the Internet,” from which malicious actors can access information about the owner, and “access the home or business network and collect personal information or remotely monitor the owner’s habits and network traffic.
“If the owner did not change the default password or create a strong password,” the alert adds, “a cybercriminal could easily exploit these devices to open doors, turn off security systems, record audio and video and gain access to sensitive data.”
At a minimum, hackers can use a victim’s network to initiate “spam attacks” through email, which usually result in the perpetrator gaining access to the victim’s social network. “Email spam attacks are not only sent from laptops, desktop computers or mobile devices,” the alert notes. “Criminals are also using home-networking routers, connected multimedia centers, televisions and appliances with wireless network connections as vectors for malicious email.”
At worst, the report states, hackers can access Internet-connected medical devices. “Once criminals have breached such devices, they have access to any personal or medical information stored on the devices and can possibly change the coding controlling the dispensing of medicines or health data collection. These devices may be at risk if they are capable of long-range connectivity.”
The FBI advises consumers to change their passwords from the factory setting, keep their security patches up to date and to be “informed about the capabilities of any medical devices prescribed for at-home use.”
A 2014 report from the president’s National Security Telecommunications Advisory Committee spoke to the emerging Internet of Things, warning that it was developing at a speed that exceeded the pace of cybersecurity. The group “determined that there is a small — and rapidly closing — window to ensure that IoT is adopted in a way that maximizes security and minimizes risk.
“If the country fails to do so,” the committee added, “it will be coping with the consequences for generations.”
