Smart devices are used for real crimes, says expert | Security

Almost 50% of people who buy smart devices do so for the safety of their homes. However, few know how to set up surveillance cameras, smart assistants, digital buzzers and smart TVs to protect themselves from attacks that, although they reach the Internet, can cause real damage. According to experts, the connected devices provide loopholes for bandits from the real and virtual world to get to know the habits of the residents and have physical access to a house, all the houses on the street or all the residences of an entire neighborhood.

READ: Scam frees cash from ATM and worries FBI; understand

the encounter of traditional crime with cybercrime. We are talking not only about privacy issues, which can endanger information from family members, but also about the use of this data to physically harm people, explained Thiago Marques, Kaspersky Lab security researcher, during the 8 Analysts Conference of Security for Latin America, this Tuesday (14).

Want to buy cell phones, TV and other discounted products? Meet Compare dnetc

Alexa, Amazon's virtual assistant, is involved in controversial cases Photo: Divulgao / AmazonAlexa, Amazon's virtual assistant, is involved in controversial cases Photo: Divulgao / Amazon

Alexa, Amazon's virtual assistant, is involved in controversial cases Photo: Divulgao / Amazon

Virtual crime joins real crime

There are 16 million connected devices in Latin America and that number is expected to grow by 36% in the region by 2023. In Brazil, smart devices, called the Internet of Things, are still not so popular (except when talking about smart TVs). Even so, the number of infected devices is already 72% of the total and the country already represents 23% of the devices affected by viruses in the world.

The threat that most concerns remote control by malicious people. Smart speakers, smart TVs, security cameras, vacuum cleaners … Any object that has an Internet connection is exposed to this attack, precisely because it is not a vulnerability. Remote access is what makes life easier for people so they don't have to touch their devices: just send voice commands or use apps on their cell phones so that the TV turns on, the music plays and the house is clean, for example.

When a criminal has access to this type of device, he can take control and send commands to him to perform actions. An example: a TV starts to execute a malicious code and sends voice commands to the virtual assistant. Thus, through the microphone of the smart box, everything that is said in the house is recorded and sent to someone. The owner doesn't even know.

Another possible situation that is part of the operation of the devices concerns the installation of the applications that manage them. Anyone in the house can install the app, even if they are outside the local Wi-Fi network. If this cell phone was the target of a phishing scam and has a virus installed, everyone's safety is compromised. Five out of six device apps that we analyzed do not ask for authorization to add a new cell phone to control the devices. If, at least, it was necessary to press a physical button at the time of installation, this would be enough to avoid the remote control of bandits, suggests Marques.

Brazil has 23% of the total of smart devices affected by viruses in the world Photo: Nicolly Vimercate / dnetcBrazil has 23% of the total of smart devices affected by viruses in the world Photo: Nicolly Vimercate / dnetc

Brazil has 23% of the total of smart devices affected by viruses in the world Photo: Nicolly Vimercate / dnetc

In the case of television or Android Box, the scenario is even more serious, including because of its popularity. In 2018, it is estimated that 70% of TVs sold in Latin America will be smart. Few buyers know, however, that it is possible to install any type of code on a smart TV. This allows bandits to explore the camera and microphone, among other ways of capturing data. The same is true with devices that turn TV into smart, such as Android Boxes. It is common for users to choose cheap products from unknown Chinese brands or even buy a pirated device. This would be the main door for criminals to enter.

Thiago explains: many brands take security issues in general, big companies seriously. But others just want to sell and don't update. The consumer often does not even know which company the product he bought from. If he has a problem, he has no one to look for, the device’s information is in Chinese, and in the event of a massive attack, the information doesn’t come out in the big media.

How do these attacks work?

To show how simple it is for malicious people to have access to valuable data from the owners of the devices, Kaspersky did an experiment. With a code that takes about two hours to get ready, they managed to find out the exact address of a house with a smart bell installed. The company's experts also identified that it is possible to automate the monitoring of the remote device to know when someone rang the bell, when a video of the location was uploaded and the images were downloaded.

Once the criminal is in control, he can find out exactly where you live and go over there or sell the information to a local thug. This can be done not only on the bell, but on other connected devices in the house and in several houses at the same time or in all houses in a neighborhood, he warns.

Android Box pirate gateway to criminals Photo: Nicolly Vimercate / dnetcAndroid Box pirate gateway to criminals Photo: Nicolly Vimercate / dnetc

Android Box pirate gateway to criminals Photo: Nicolly Vimercate / dnetc

"I have a smart device: what to do?"

According to Kaspersky, about 47% of people who buy smart devices want to prevent theft, but perhaps what is happening is just the opposite.

The main tip to protect yourself configure and update smart devices correctly. What is lacking awareness. People buy a smart TV, for example, see if it's working, if they can watch Netflix, and think they don't need to do anything else. How many check if there is a firmware update for their smart TV ?, it provokes, if they don't, they are going against what was their goal when buying the device: to bring security inside the house.

In general, the big manufacturers, when they know that there is a vulnerability in one of their products, immediately launch a correction or comment on the case as happened with the controversies involving Amazon Echo, Amazon's smart speaker. The same is not true of smaller, unknown companies and, even less, of pirated products. In such cases, the guideline cuts the evil for the reason. As General Director of Kaspersky in Latin America and the Caribbean Cludio Martinelli completed: what do all these devices have in common? They are connected to the same Wi-Fi network. Everything starts at the router and, at the very least, it is what we must protect.

* The journalist traveled to Panama at Kaspersky's invitation