8 everyday technologies that can make you vulnerable to cyberattacks

Credit to Author: Kayla Matthews| Date: Thu, 09 Aug 2018 15:00:00 +0000

The technological advances of the modern world make for an exciting and convenient lifestyle. With each new development, from artificial intelligence to the Internet of Things, we make the mundane and tedious more manageable.

The security vulnerabilities of the latest tech have been well documented. But what about everyday technologies that have been around for a while or are widely adopted? Those familiar devices and programs can also put you at risk of being targeted by hackers.

Here are eight commonly-used tech conveniences that are not as ironclad as you might hope.

1. Smart speakers

Smart speakers like Google Home or Amazon Echo, feature countless capabilities meant to assist users. However, cybersecurity experts also warn they’re vulnerable to numerous types of attacks.

Some involve threat actors controlling the speakers with supersonic commands that humans can’t hear, but smart speakers recognize when embedded into YouTube videos, white noise, or other content.

Researchers also discovered hackers could engineer smart speaker apps that seem legitimate but actually come straight from those orchestrating cyberattacks. Sometimes, even when users close out of the apps, they keep recording conversations and other sounds happening in the home and sending them to criminals silently in the background.

2. Smart security systems

Smart security systems let you keep an eye on your home while at the office or vacationing in another country. These systems allow users to sort through hours of footage stored in the cloud or can use artificial intelligence to learn familiar faces who arrive at your door.

However, even security systems can have flaws. A cybersecurity research team in Europe found a bug in Swann smart security cameras that allowed footage from one home to be broadcast to other homes. If hackers had discovered that problem instead of the researchers who verified its existence, they could have used the vulnerability to intercept footage and spy on homeowners. Then, it’d theoretically be quite easy for them to move beyond hacking into the realm of burglary.

3. USB drives

USB drives increase the capabilities of your computer, specifically by being able to move files from one location to another, or to increase storage capacity. They’re also relatively easy for hackers to corrupt by loading worms or other kinds of malware onto them. The US military even knew of the potential danger they posed and banned the use of thumb drives a decade ago.

Unfortunately, many individuals and businesses do not understand the genuine risk of letting employees connect to the Internet while using unsecured USB drives. Instead, they view USBs as tools of convenience, not gadgets that could infect their computers or networks. For example, if a USB drive is connected to a machine that’s infected with ransomware, the files on that drive will also become infected. Moving that drive from one computer to the next, then, could spread the infection beyond a single endpoint to multiple systems.

4. Dongles

Where USB drives give you more room to store files on a computer, dongles plug into USB ports and increase functionality by providing extra content or features. For example, smart TV dongles give you extra channels and movies to enjoy.

A few years ago, cybersecurity experts hacked a dongle provided to car owners by an insurance company to track their driving habits. The experiment allowed researchers to control the windshield wipers of the vehicle fitted with the dongle and—much more alarmingly—enable and disable its brakes.

A more recent problem affected the Amazon Fire Stick. In that case, threat actors installed cryptomining malware that didn’t show up in users’ lists of running apps. Besides making the Fire Stick and its Internet connection sluggish, the malware sometimes made itself known by displaying the word “test” on the screen, accompanied by the Android bot icon. Fortunately, it’s reportedly fixable by restoring the dongle to its factory settings.

5. Shared media files

Cybercriminals consistently engineer new ways to trick people into giving up their passwords, credit card numbers, and other personally identifiable information (PII) through phishing attempts. Phishes typically show up in victims’ inboxes and look exactly like legitimate emails, down to the color schemes, buttons, and headers.

You might already know that downloading an unfamiliar email attachment increases the possibility of being infected, but perhaps you let your guard down when using a well-known file-sharing service like Dropbox. Hackers send malicious emails seemingly originating from Dropbox, too.

Once people click on links within those messages, their browsers go through a redirect process and proceed to download a JavaScript file put there by cybercriminals. Lo and behold, passwords and other credentials entered to access the “Dropbox” folder will be scraped and sent off to those crafty criminals, who can sell them on the black market to the highest bidder.

6. Wi-Fi networks

People use Wi-Fi networks every day and scarcely think about the consequences. Unfortunately, hackers often take advantage of that dependence. Sometimes they create illegitimate, publicly accessible Wi-Fi networks with official-sounding names, like Philadelphia Airport, and hope people will connect to those without verifying they’re real.

Other disturbing research reveals ex-partners are wreaking havoc via remotely-managed instances of domestic abuse. The people affected are collectively known as smart home abuse victims. A study about the matter emphasizes how an individual need only know a home’s Wi-Fi network password and have a corresponding smart home app on their phone to make the lights turn on and off, crank the thermostat up to an unbearably hot temperature, or otherwise make life extremely unpleasant.

7. Smart phones

Like many people, you probably think of your smart phone as much safer from malware than your computer. However, the very thing that makes smart phones “smart,” the Internet, is what makes them vulnerable. Often, infiltration happens when threat actors create apps that look legitimate, but are actually a front for loading all kinds of malware in the background, from cryptominers to adware and even ransomware.

In addition, criminals can infect your phone through smishing, or SMS phishing, where malicious links are texted to individuals under the guise of a great promotion or pretending to be from a credible institution, such as a doctor’s office or bank.

A case involving activists working for Amnesty International revealed hackers installed a kind of spyware called Pegasus through WhatsApp (the real app, not a spoof). Moreover, there are nearly 200 publicly-reported cases of nonprofits being targeted through WhatsApp by that spyware or similar form of malware.

8. Web browsers

Using the Internet would be substantially more cumbersome and maybe even impossible without the invention of the web browser. However, just like the other items on this list, web browsers can also serve as gateways through which hackers enter. One bug that made headlines in April 2018 involved hackers compromising Windows computers through a vulnerability in Internet Explorer, which allowed users to be infected by a malicious Microsoft Word file.

Another kind of malware called Vega Stealer snatches credit card details input into fields when people use the Chrome or Firefox browsers. It can also take data from Word and Excel files and show it to outside parties.

Finally, criminals have found another route to infect users via browser by creating rouge plugins that often make their way past official review for listing in browser web stores by appearing to be legitimate. However, once approved and adopted by the stores, threat actors flip the switch and add malicious updates, infecting any users who download the plugins for additional browser functionality.

Many issues discovered by researchers

If there’s a positive side to several of the vulnerable tech items on this list, it’s that cybersecurity researchers uncovered their vulnerabilities and notified the appropriate parties. Of course, it’s worse when device owners are the ones who learn that problems exist when their computers, phones or other tech helpers start behaving strangely.

In any case, now that you know about some of the things cybercriminals do to unsuspecting users of technology, aim to be more aware of when things seem amiss. Being proactive can sometimes prevent small issues from becoming gigantic catastrophes.

The post 8 everyday technologies that can make you vulnerable to cyberattacks appeared first on Malwarebytes Labs.

https://blog.malwarebytes.com/feed/