Waqas Khan, online security & privacy advocate, PureVPN
Waqas Khan, online security & privacy advocate, PureVPN

Cyber-criminals are actively looking to exploit different devices ranging from smartphones, smartwatches, smartTVs, smartbulbs, and fitness trackers by infecting them with ransomware. And this is not me at my fear-mongering best; a joint report by National Cyber Security Centre (NCSC) and the National Crime Agency (NCA) revealed increasingly "confrontational and aggressive" tactics employed by attackers leveraging the rise of internet-connected devices.

While the vulnerable nature of these devices attracts hackers, the icing on the cake is the vast amount of personal information that these devices hold about us. This in turn becomes a lucrative opportunity for exploitation, ranging from extortion to mass fraud.

The same study further forecast that "ransomware" attacks in 2017 will target devices holding personal data such as photos, emails and even data related to daily fitness progress.

"The nature of such data might not be valuable in terms of its trade on criminal forums but owing to the sufficient worthiness to the victims, will surely spell a deal scenario as they would be willing to pay to retrieve it," the report reads.

Furthermore, the report also highlights that "It is not yet clear whether the ensuing customer support will assist in unlocking the compromised devices or providing consultancy on paying the ransom."

The fact that baby monitors and pacemakers have been hacked in the recent past gives more credibility to the gloomy forecast by the report.

The study further added, "Smart devices are still intrinsically more difficult to hack as compared to smart phones and traditional computers, even though users who download apps from third-party unverified app stores are still at risk owing to presence of malicious content there."

NCSC, part of GCHQ, was launched by ministers amid mounting dangers of online attacks on Britain's industry and infrastructure, particularly on small businesses.

The report was made public at CYBERUK, a major conference hosted by NCSC in Liverpool. The closing words of the conference were, "UK businesses are now significantly threatened by growing cyber-security issues."

Astoundingly, there were around 188 high-level attacks in addition to several low-level incidents tackled by NCSC in the three months since the centre came into being.

Loopholes in smart devices

Smart devices are usually hacked with the help of a malware and are primarily used to participate in DDoS attacks. While smart devices may not be a target of hacking for causing damage to you, they can be compromised to cause damage to others.

There have been instances where security researchers exploited loopholes to hack various smart devices, including devices manufactured by popular brands such as SmartThings, Insteon, Philips Hue, and Ring. Fortunately, these devices have already been patched with a new firmware, but it's quite alarming how easy it is to exploit the undone loops of these devices with the right tools.

Given this situation, drastic measures are required to protect your devices, starting with putting all the smart devices on a separate network that isn't connected to the internet. Keep the main network where regular devices would work as usual like home computer, tablets or smart phones as these devices can easily be secured through the use of VPN and a firewall. A second router would be required to run its own network, not connected to the main modem.

However, applying these steps definitely has some drawbacks:

  • As these devices can be controlled with the help of Smartphones, you'll need to switch Wi-Fi networks on your Smartphone whenever you need to control these devices. This might prove to be a hassle but it's the only solution to counter threats in a situation where smart switches are used to control a majority of the devices.
  • Some smart devices like Amazon Echo or Nest Cam need an internet connection to work properly, so if you are running them through an entirely different network, you won't be able to control them while you're away from your home.

Future predictions

According to Ciaran Martin, the chief executive of NCSC, "There is an evolving trend of cyber-security threats, which is why different sectors at public and private level must keep pace with the trends to deliver real-world solutions in order to deter threats.”

"By 2020, smart devices will increase to a staggering 30 billion from the 12 billion mark we currently have. Although, adding to the home automation and ease of our life, these smart devices could potentially be hacked into quite easily as they come with poor security making them an easy target," said Sen. Mark Warner, co-founder of US Senate Cyber Security Caucus.

He further added, "To make sure that these devices are safe from threat of cyber-hackers, everyone from industry to individuals needs to up their game."

Contributed by Waqas Khan, online security & privacy advocate, PureVPN

*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.