Today, any IoT device like Amazon Echo, BOSE, Google Home, Sonos that leaks personal or network information can provide the attacker with a successful attack.Attackers can track where the target is living and see if they are at home.This can be done using websites that have multiple Wi-Fi geographies. In this sample case study,
we looked at the specific BSSID associated with the test equipment and plotted the location. The information comes from a wireless access point (WAP) that the device attempts to access during installation.
Figure. Addresses mapped using SSID
After determining the location of the target, an attacker can monitor the presence data available to the device, such as when the speaker is activated and deactivated. This pattern tells the attacker more or less the goal to be awake, asleep, even when the goal is not around.This mixed attack involving network and physical elements presents new dangers that home and business users should be aware of. Leaking data that exists on the device not only makes it easier for users to predict, but it can also expose users to physical risks.
Look for other case studies by read more at trendmicro.com – A must read…
As manufacturers develop Internet of Things (IoT) devices that integrate with widely popular internet-based applications, more and more users see the value in purchasing such devices. Ease of integration becomes an incentive for users to consider adding these products to their network of devices. But while the ease of use can be enticing, these products can also be susceptible to security issues that could introduce far-reaching problems.
To see just how safe and secure IoT devices are and to what extent an attacker can manipulate an IoT device, we tested the built-in security of a particular IoT device type — internet-connected speakers.
If you like to receive more of these curated news alerts then subscribe to my mailing list.