News that Linksys and Belkin hardware was inherently insecure and could easily allow hackers to access your local network and control your gear.
First, there is “The Moon,” a piece of malware that can infect E1000, E1200 and E2400 routers from Linksys. The malware spreads itself from router to router and but doesn’t seem to do much except spread itself far and wide.
More frightening, however, is a hack that allows hackers to access their WeMo line of smart home devices. WeMo is a line of smart wall switches and controllers that let you sense motion and control lights and appliances remotely. Hackers have inject their own firmware into the device and access the switch, change settings, and even gain access to the local network. Security firm IOActive recommends “unplugging all affected devices from the WeMo products.”
As we approach a true “Internet of things,” these things we’re connected better be secure. As devices like health trackers and thermostats become a true personal sensor systems, the data they supply will be increasingly valuable and the services they preform are increasingly mission-critical. In-home hardware, for a long time, has been unconnected. Now it isn’t.
What needs to be done? In short, hardware manufacturers must harden their systems. The WeMo hack exist simply because Belkin got lazy. They allow attackers to digitally “sign” modified firmware, thus turning the WeMo into an attack vector. While it’s probably not scary if an average intruder tries turn your light on and off, the exploit is worth quite a bit to a determined hacker who wants access to your files. The same goes for our Fitbits, Basis bands, and Pebbles – the average user has nothing to worry about but getting the heart rate of a target in various situations could offer attackers a way to socially engineer an unsuspecting target. Add in remote control of health devices like pacemakers and you have something truly scary.
Hardware has long been too hard to hack. It was unconnected and the big manufacturers tended towards the creation of dumb protocols that, while secure, couldn’t do much. Now that we expect big things out of every gewgaw, we need to be ready that those things will be hackable and, more important, hacked.