Got pretty
cool stuff. I can not share.
http://hi-tech.mail.ru/news/home-gadgets-threat.html
THE TV IN
THE HOUSE CAN BE DANGEROUS
As the
experts found out after the experiment to search for vulnerabilities in
home-gadgets-tah, TV (and other devices) may be unsafe for the privacy of
valuable data and the entire family. It is noted that this applies only to new
fashion-lei with the ability to connect to the network. Anti-virus expert
"Kaspersky Lab" David Jacoby carefully researched different models of
household appliances. As a result, he found one vulnerability in the Smart TV,
and several potentially harmful hidden functions remote management on the
router, as well as 14 vulnerabilities in the network storage devices where data
(network drives).
The main problems
of information security in home gadgets cause several lack of encryption when
transferring data from user to server produce a dye, and also weak passwords
device access, which by default is set by the vendor and are rarely changed by
the user. So, using the detected in one of the NAS vulnerability, Jacoby was
able to upload a file to the memory storage, which is inaccessible to the
ordinary user. In case if this file was malicious, the NAS data would be a
source of infection to all other devices connected to your home network, or bot
involved in the Commission of DDoS attacks. Moreover, since the file was
uploaded in a special section of memory through a vulnerability, and removed
from the system it can only be through this same vulnerability. A non-trivial
task even for a technical specialist, not to mention the simple home user.
Source of
danger can be and TV. The latest models are equipped with the function Smart TV
potentially open to attackers the ability to perform attacks,
man-in-the-middle. We are talking about cases where the user desires to
purchase media content via the TV. In the experiment, the expert of
"Kaspersky Lab" was replaced by a graphic icon of the Smart TV
interface on another image solely due to the fact that when the data transfer
is not secured by encryption. So, the same could ETS-lat and attackers — and
then the user instead of buying content just send your money to the account of
the scammers.
In
addition, it was found that the routers are also not as simple as they seem. Jacoby
found in these devices a number of hidden features available only to Internet
providers, but not to the owners of gadgets. Some sections of the web
interface, in particular the control of the DOS-dull, updates, Webcams and
other, can be controlled only through the universal vulnerability that an
ordinary user, of course, unavailable. But the provider or, in sa IOM worst
case, an attacker could take complete control of the device-properties.
"We
must not err, like our home gadgets in security only because we have installed
an intricate password. There are many things that Paul is the user can't
control. Less than 20 minutes I found a number of serious vulnerability in the
device that, at first glance, it seemed perfectly safe. In this regard, the
protection of home entertainment systems, data storage and Internet access
should be addressed by both the device manufacturers and developers of security
solutions in the very near future," explained Jacoby.
