More households are adding to their smart device count. It certainly makes life easier to be able to control everything from the fridge to the thermostat through your mobile device. However, this also increases the volume of devices vulnerable to a cyber-intrusion. Many homeowners are under the impression that their devices are generally safe. After all, doesn’t it take wizard-like computing skills to remotely hack into a device? Not so. Hacking to a personal device or appliance doesn’t require the stealth-like mastery one may believe. In fact, it’s a skill any novice can pick up.
Why Hacking Is Becoming Increasingly Easier
In the early days of the Internet, it required an expert to build a website. Nowadays, practically anyone can build a site from scratch thanks to web hosting services and easy-to-use tools like drag-and-drop features. It’s the same way with hacking. Tools in the black market make the process doable for the most basic laymen. Software and tools for stealing or breaching networks can be easily found with a Google search and on sites like eBay. Examples include Web shells like China Chopper for uploading a malicious script to a target host. Another is PowerShell Empire, a penetration testing tool with an automated ability to harvest credentials and escalate privileges.
These tools are designed for ethical hackers to legitimately test the integrity of private and commercial networks. However, they can be exploited by hackers, or knock-off versions can be found in the black market for malicious use.
Another reason hacking is becoming increasingly easier is because the victims make themselves an easy target. Most people know, for example, to not use an easy password, such as “123456” or “password,” yet many people go this route, opting for convenience over security. Furthermore, three out of four people use the same password across multiple accounts. What’s more, 47% of people admitted not having changed their passwords in over five years.
This is akin to a homeowner not locking their doors and windows at night. It makes the burglar’s job a lot easier. Likewise, when you leave your network and accounts poorly guarded, you give the hacker an easy exploit.
The Public Sector Also at Risk
You may think that commercial institutions have commercial-grade security measures in place. Shockingly, this is not always so. Like private residences, public institutions are also surprisingly lax when it comes to IT security, making the job easy for hackers.
One report revealed that hackers were able to gain access to smart devices in the public and commercial sphere using nothing more than Shodan, an alternative search engine that scours the Web for an open network to connect to. Some of the areas hackers were able to gain entry to include:
- A defroster for an ice rink in Denmark
- A traffic control system in Los Angeles
- Two turbines in a French hydroelectric plant
- The onboard monitoring system in a Caterpillar CAT truck
- The power switch in a neuro-surgery room at a hospital in San Francisco
Again, these systems were accessed using a readily available search engine. They were also done by a single ethical hacker and not some sophisticated underground network of covert operators as one might believe.
How to Protect Your Accounts and Networks
Follow the fundamentals of safe online activity. Use complex passwords, never duplicate passwords, use 2-factor authentication, etc. For homeowners, if you buy a router at the store, do not stick to the default password. If you buy a router from, say, Wal-Mart, a hacker can simply buy the same router from the same store to access the same username and password.
For businesses and the public sector, these fundamentals need to be enforced among staff. Strict IT protocols must be priority with regular audits from either an in-house or third-party IT service.
Hacking is becoming less of a rocket science nowadays. Can anyone be a hacker? Probably not everyone, but certainly anyone of average intellect and willing to do a little research and motivated by enough malicious intent. Stay a step above to avoid becoming easy prey to these cyber evil doers.