Kitchens under siege: Is the CIA in your microwave?

While that myth has been debunked, household appliances with smart functionality are becoming targets for hackers

CALGARY, Alta. April 21, 2017/ Troy Media/ – Around the middle of March, one of Donald Trump’s senior counselors, Kellyanne Conway, made the rather outrageous claim that the United States ought to be on high-alert for surveillance equipment hidden in obscure places, such as in television sets and mobile phones. The threat, the former campaign manager claimed, included “microwaves that turn into cameras”.

DDoS attacks

While Conway’s claims have since been debunked by online publications like Wired, she does raise an interesting point, albeit unintentionally: household objects with “smart” functionality, i.e. those with the ability to connect to the internet, are becoming regular targets for hackers, as the need to bolster “botnets” grows alongside their increasing popularity as a tool for cybercrime.

So, while spying through a standard microwave is improbable, if not impossible (they don’t have webcams for a start), a smart fridge or baby monitor can actually be hijacked by criminals and used in Distributed Denial of Service (DDoS) attacks. It’s the tale of malfunctioning appliances the horror movie genre has been trying to warn the world about for decades. But is it really as bad as it sounds? Is the only way to stay safe to go off the grid altogether?

Web application firewalls

Not really. As with things like hacked email accounts, it’s often the user’s ignorance or laziness that ramps up the statistics. Criminals take the path of least resistance, which means attacking routers or printers that still have the factory username and password, lists of which (by brand and model) are available online. In other words, preventing a device becoming the thrall of a cybercrook can be as simple as changing its password. Hardware can be unsecure by design though. For example, smart baby monitors can have unsecured video and audio feeds, which can be broken into.

Protecting against DDoS attacks can be a different story, and many major brands employ a third party to protect them with a web application firewall (WAF), a cloud-based security solution that screens traffic for threats such as the ones listed on the Open Web Application Security Project’s Top 10 list, things like SQL injections, cross-site scripting (XSS), and remote file injection. With even small websites subject to attack in 2017, the uptake of WAFs is growing.

Traffic volumes

But just how serious a threat do unsecured smart objects pose to the world? Individually, not a lot – they can be used to send spam emails, for instance. A small group of devices can’t maintain the traffic volumes required to knock web services offline (the ultimate goal of DDoS attacks). However, bundled together in vast botnets, they can overwhelm servers with hundreds of gigabytes of information a second, with terabyte-size attacks not too far off according to Digital Trends.

The salient point is that while botnets come and go (and even vanish into thin air in some cases), cybercrime is an increasingly accessible option for disgruntled or otherwise ill-intentioned people. The source code for the Mirai botnet is freely available on the internet while criminals with the skills to launch attacks can be hired for a few thousand dollars on the dark web – $7,500 in the case of last year’s wide-ranging internet blackout.

The views, opinions and positions expressed by all Troy Media columnists and contributors are the author’s alone. They do not inherently or expressly reflect the views, opinions and/or positions of Troy Media.

Troy Media Marketplace © 2017 – All Rights Reserved
Trusted editorial content provider to media outlets across Canada

You must be logged in to post a comment Login