How exactly do IoT smart devices pose a threat to home networks?

torstein

Senior Member
I'm just curious, how exactly does a smart lock, or a light bulb or a smart kitchen appliance pose a threat? If you have your router properly set-up, disabled UPnP, enabled the firewall and no port forwarding, then there's no way some remote hacker can enter my home network through a security hole in any given smart device / appliance, right? They would first have to breach my firewall to get to the IoT smart device in the first place, or am I missing something?

I know I can always just have a different vlan, or put all the smart thingies on the guest network, that's not the problem here. I'm just curious how hackers go about exploiting these never-updated-since-manufacture-date devices full of security holes. Do they have to have physical access, and do packet-sniffing from the wifi-signal / bluetooth signal, or is it remotely over the internet?

Sorry if this has been posted before, I tried searching, and googling, but found nothing here on snbforums, and google only found run-of-the-mill shallow answers from various tech-sites written in a shallow way either because the author doesn't understand the topic or to make it as understandable as possible for its non-tech readers. Nonetheless, it provided no answers that I was looking for. Hoping you fine folks have some answers :)
 
The problem occurs if they can be compromised, or in some cases come from the manufacturer pre-compromised. Many smart devices use just a very tiny pool of controller chips, so if there is a crack in the security they can be re-purposed. The other main issue comes from devices that "phone home" to a server, which adds the possibility of MITM (Man In The Middle) attacks, and whoever runs that server had better make sure it's secure too! And then there's the issue of just how much you trust the service provider not to be sniffing the data on your network.
The only way you can come close to completely securing your network would be to have it completely isolated, so for most of us, it's about doing the best we can without letting the paranoia ruin our lives.
*Old enough to have first used power-line adapters when the signal could be detected by neighbours 2 houses away on each side of my then terrace (UK) house - and was not aware of this till a neighbour installed a compatible system!
 
Many of these tiny devices also never receive any sort of security update, and most have hard-coded firmware that is not updatable. This isn't to say that they will ever be compromised, but if thousands (or hundreds of thousands) of them are out there, they *could* pose a threat to your internal network, be used as part of a bot-net, be used to load malware onto other devices, etc.

To err on the side of caution is always a good idea, but not necessarily an imminent threat to panic over.
 
I think the OP is asking how can they be compromised. How does an external attacker get to the device and then compromise it?
 
This is where security in layers comes in - layers like an onion is one analogy.

The chance of a device being compromised from the other side of the firewall is pretty low.

On the other hand, the chance of it being compromised by something you set up on the same side of the firewall is far higher, whether the risk is from another IoT device or a machine you trust.

More and more, compromised external sites are the entry point. You may have a device that pulls firmware updates - if the site it pulls the update from is compromised, that pulls the malware inside your network, at which point the controller can work sideways to other devices.

If you want a more extreme example of this, consider what happened to LastPass, a company that (allegedly) understands security. The original cause of their production vault being stolen was a compromised Plex install on a machine that happened to be on the same side of the firewall as a developer machine. The developer willingly installed the compromised Plex file and it went downhill from there.
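
An added illustration of the "work sideways" point above (not part of the original post): a Python sketch that scans flow records for connections an IoT device initiates to other hosts on the LAN, which is the traffic a perimeter firewall never sees. The subnet, gateway address, IoT inventory, log format and sample lines are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed home network layout (hypothetical values, adjust to your own).
LAN = ipaddress.ip_network("192.168.1.0/24")
GATEWAY = ipaddress.ip_address("192.168.1.1")   # DNS/DHCP/NTP to it is expected
IOT_HOSTS = {"192.168.1.50", "192.168.1.51"}    # inventory of IoT addresses

# Constructed flow records: "timestamp src dst proto dport"
SAMPLE_FLOWS = """\
2024-01-01T10:00:00 192.168.1.50 203.0.113.10 tcp 443
2024-01-01T10:00:05 192.168.1.50 192.168.1.1 udp 53
2024-01-01T10:01:00 192.168.1.50 192.168.1.255 udp 1900
2024-01-01T10:02:11 192.168.1.50 192.168.1.20 tcp 445
2024-01-01T10:02:12 192.168.1.50 192.168.1.20 tcp 22
2024-01-01T10:02:13 192.168.1.50 192.168.1.21 tcp 22
2024-01-01T10:03:00 192.168.1.20 192.168.1.51 tcp 80
2024-01-01T10:04:00 192.168.1.51 198.51.100.7 tcp 8883
truncated line without enough fields
"""

def parse_flows(text):
    """Yield (src, dst, dport) per record; silently skip malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            yield (ipaddress.ip_address(parts[1]),
                   ipaddress.ip_address(parts[2]), int(parts[4]))
        except ValueError:
            continue

def iot_lateral_flows(text):
    """Map each IoT source to the internal (host, port) pairs it contacted."""
    findings = defaultdict(set)
    for src, dst, dport in parse_flows(text):
        if str(src) not in IOT_HOSTS:
            continue                      # only flows the IoT device initiated
        if dst not in LAN or dst in (GATEWAY, LAN.broadcast_address):
            continue                      # internet, router and broadcast are expected
        findings[str(src)].add((str(dst), dport))
    return {src: sorted(targets) for src, targets in findings.items()}

if __name__ == "__main__":
    for src, targets in iot_lateral_flows(SAMPLE_FLOWS).items():
        print(f"{src} initiated internal connections to: {targets}")
```

The phone-to-bulb flow (192.168.1.20 to 192.168.1.51) is not flagged because the IoT device did not initiate it; only the device reaching out to SMB and SSH on other hosts is reported.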
 
IoT devices are cheap (as in low quality) and not allowed in my network for any reason.

The compromise isn't your network. 99.99% of the time it is the device itself that is compromised/infected and why it's mindboggling to me why anyone lets these things into their homes (regardless of the marketed/perceived convenience factor).

Of course, once these devices are inside your network and (when/not if) compromised, your 'layers like an onion security model' are also compromised fairly easily.

Don't trust the layers of security to protect you from an inside attack. They won't. At least, not if you want those IoT devices to work how they promise (i.e. the 'convenience factor').

If you want to keep bad actors out, don't let bad devices in (your network).
 
You misunderstood me. I'm not suggesting you can protect the network with lots of layers around it but that you need to think about the range of options available for the security model as a whole - and how it applies to every node on the network.

For example, guest WiFi (subnets, isolation etc), VLANs, DNS filtering, host firewalls as well as network level, looking at the software you have installed and limiting config to what you need, if you have application accounts lock them down (no login for example), if you have service level accounts between nodes look at key based login rather than password for automation. The list is pretty much endless.

The different options will have varying levels of benefit but ultimately there is no magic bullet. All you can do is make it harder - the more basic practices you adopt the more you reduce the risk.

(And yes, choosing to not use high risk devices also counts as one of the many many options to reduce the risk.)
 
' If you have your router properly set-up, disabled UPnP, enabled the firewall and no port forwarding, then there's no way some remote hacker can enter my home network through a security hole in any given smart device / appliance, right?'
No, none of your thoughts work.

'They would first have to breach my firewall to get to the IoT smart device in the first place, or am I missing something?'
Yes, you are missing a lot.

'I'm just curious how hackers go about exploiting these never-updated-since-manufacture-date devices full of security holes. Do they have to have physical access, and do packet-sniffing from the wifi-signal / bluetooth signal, or is it remotely over the internet?'
All of them and more.

Clue.
1. Vulnerability: You can do nothing. There is no way to block it.
2. Backdoor: There are so many backdoored IoT devices from China.
3. Malware.
4. XSS.
5. Sniffing (wiretapping).
6. Social engineering.
more.
 
To make the point as succinct as possible:

If you allow a hacker's device within your network, regardless of the security implemented, you're asking for trouble sooner rather than later. This includes the 'app' installed on your phones/tablets and the physical device(s) too.

The 'app' may be the worst offender here, rather than the actual device (which may be used to just enable all the hacking in the first place). As it will have full access to all your information, websites, passwords, etc. and you'll have given it permission to do so (or else, the device won't work as advertised).

Long story short; IoT=NIMN (Not In My Network).

As secure and locked down as my network is, even the Guest Network access isn't available to everyone I invite into my home (and, certainly not even ISP service techs, for example).
 
