As Mobile World Congress kicks off in Barcelona this week, Avast, a security company, has a warning for the citizens of Spain: There are over 5 million vulnerable IoT devices across the country.
Now this of course is meant to grab attention at a very noisy show, and any connected country has parity with Spain I'm sure, but nonetheless, the experiment conducted by Avast is worth a look. The findings identified more than 493,000 smart devices in Barcelona and 5.3 million in Spain overall – including smart kettles, coffee machines, garage doors, fridges, thermostats and other IP-connected devices – that are connected to the internet and vulnerable to attacks.
The experiment found:
- Over 5.3 million vulnerable smart devices – including webcams and baby monitors – in Spain, and more than 493,000 in Barcelona alone
- More than 150,000 hackable webcams in Spain and more than 22,000 in Barcelona
- More than 79,000 vulnerable smart kettles and coffee machines in Spain
- More than 444,000 devices in Spain using the Telnet network protocol, which is a type of protocol that has been abused to create the Mirai botnet which attacked Dyn in 2016, leading to the crash of Internet sites like Twitter, Amazon, Reddit, etc.
Conducted in partnership with IoT search engine specialists Shodan.io, the experiment proves just how easy it is for anyone - including cybercriminals - to scan IP addresses and ports over the Internet and classify what device is on each IP address. And, with a little extra effort and know-how, hackers can also find out the type of device (webcam, printer, smart kettle, fridge and so on), brand, model and the version of software it is running.
"With databases of commonly known device vulnerabilities publicly available, it doesn’t take a vast amount of effort and knowledge for cybercriminals to connect the dots and find out which devices are vulnerable,” said Vince Steckler, CEO at Avast. “And even if the devices are password protected, hackers often gain access by trying out the most common usernames and passwords until they crack it.”
The company says users need to contribute to making the online world a safer place by keeping software updated and choosing strong, complex passwords. Unfortunately, that is not going to happen, by either the consumer or the manufacturer. As we've reported before, the real answer is this.