Thousands of next generation Smart Devices using the same ‘private key’

The internet of things has brought with it devices that are incredibly convenient. Imagine being able to open your gate when your car pulls up at it without having to touch the gate.

Imagine having a fridge that knows you like to get home to frozen yoghurt, and therefore freezes your yoghurt a few minutes before you get home. Or a heater that knows you love to come home to a certain degree of warmth and therefore warms the house twenty or so minutes before you get there. All these things are the realities we are looking at in a few months.

Now, all these devices are able to do these incredible things because they have tiny computers embedded into their circuitry. These computers are small and cheap, and they have the capacity to go online and receive instructions. This means that every smart device contains a tiny computer that takes instructions and therefore needs a way to authenticate the identity of the person sending them, and that authentication has to be managed somehow.

Basically, authentication is kept safe with two keys: a public key and a private key. The public key allows the device to be recognizable in a network, and the private key allows for access to that device and therefore its controls. The most common types of keys are SSH and TLS keys. These keys are supposed to prevent the device from being controlled by unauthenticated users.

Recently LS decided to scan the internet for these devices. The scan was done with the intention of finding out how many of these devices could be found online without any hacking whatsoever. The small experiment found that millions of devices were easily discoverable. Even more shocking, it was found that most of these devices were sharing their ‘private’ keys.

The devices could be accessed by entering commonly used passwords as well. There is a list of common default passwords that is out there, and hackers have that list.

To stay safe, when you get your device, make sure that you change the password before going online. In addition, make sure that your network is secure by using a VPN connection every time you take your devices online. It is also recommended that every device be accessed through a two-step verification process. The other security measure to take when using IoT devices is to avoid accessing them as an administrator from the internet, because there are simply too many weaknesses in the security set-up of these devices.
