Mind your cuppa: Barcelona has 22,000 smart kettles at risk of hacking
Be wary, Barcelona: Avast has revealed the city's IoT devices are insecure
The tech industry has descended on Barcelona for the city's annual Mobile World Congress smartphone show, which means Avast has another security misstep to shout about.
Last year, the security firm sought attention by tricking people into using its unofficial MWC Wi-Fi connection as a warning to visitors to be wary of public broadband. This year, Avast said it's spotted more than 5.3 million hackable, connected devices in Spain, half a million of which are in Barcelona and 22,000 of which are smart kettles alone.
Those devices include the usual Internet of Things victims of attackers as well as security researchers trying to make a point including smart kettles, webcams and baby monitors, as well as the usual subject of derision, smart fridges.
Avast is right to point out the dangers of such poorly connected devices, especially as more and more gadgets come online. The company pointed out that hacked cameras could be used to spy on people, kettles could be turned on remotely, or the devices could be simply rounded up into a botnet.
Avast didn't spend a year touring Spain to uncover such weak points, it merely hopped on Shodan.io a search tool that lets users scan ports and IP addresses. Avast included in its tally any spotted running software or firmware with a flaw that sent data over the internet unencrypted. And if it's that easy for Avast's researchers to find devices to attack, it's simple for hackers, too though that doesn't mean they're actively attacking such connected gadgets.
"With databases of commonly known device vulnerabilities publicly available, it doesn't take a vast amount of effort and knowledge for cybercriminals to connect the dots and find out which devices are vulnerable," said Vince Steckler, CEO at Avast, in a statement. "And even if the devices are password protected, hackers often gain access by trying out the most common usernames and passwords until they crack it."
Steckler called on users to do more to protect such devices by choosing strong passwords and keeping software updated and plugged Avast's own Wi-Fi Finder tool, which scans networks for vulnerable devices and offers tips to fix weaknesses but the IoT is notorious for its lack of security and many have called on the industry to do more to keep its customers safe.
The IT Pro guide to Windows 10 migration
Everything you need to know for a successful transitionDownload now
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisationDownload now
Software-defined storage for dummies
Control storage costs, eliminate storage bottlenecks and solve storage management challengesDownload now
6 best practices for escaping ransomware
A complete guide to tackling ransomware attacksDownload now