Why should I worry about vulnerable devices in my home?
When a cybercriminal manages to compromise an Internet-of-Things (IoT) device, they are able to get access to your private data. For example, a hacked baby monitor allows them to eavesdrop on you talking to your children; security cameras let them peak inside your home whenever they want; routers reveal web connections; printers can show them your documents.
If you are the owner of a hacked smart device, you are not the only one at risk. These hacked devices are typically assembled into botnets – armies of compromised devices – and used to deploy DDoS attacks against other remote targets. This is how the Mirai malware in 2016 became possible, causing disruptions to businesses and services across the world.
Depending on the type of device, they can also serve as intermediary nodes to move malicious traffic, to store malware, or to scan the web for other vulnerable devices and attack them. In many cases, this is reason enough for service providers to cut you off the internet until you disinfect the gadget.
Enter Vulnerability Assessment
IoT devices drive automation, and they have found a place in modern homes in the form of smart thermostats, smart plugs, voice assistants, smart locks, and more. But for a large percentage of users, security is a big concern.
Some of the smart gadgets in consumer homes are protected with default credentials; others have hard-coded accounts, or come with security bugs in the firmware that can be remotely exploited. Most people don’t know this until their devices are exploited – and many times not even then!
With NETGEAR Armor, however, whenever a new device connects to your network, and then through regular consistent scanning, NETGEAR Armor runs the Vulnerability Assessment engine to identify the gadget, along with any possible misconfiguration or flaws.
Some of the checks performed look at open services (SSH, Telnet) that may inadvertently expose the device to the outside world, or for default credentials known to ship with the device. Weak passwords set by the owner are also identified and reported. This is done by running dictionary attacks that go through a specified set of words and assess their strength as a password.
NETGEAR Armor does more to identify flaws that affect your devices. It uses Bitdefender’s Cyber-Threat Intelligence, which pulls information from a list of known vulnerabilities (CVEs). The Vulnerability Assessment feature also includes Bitdefender research into all issues affecting IoT devices discovered through manual inspection of the firmware, cloud-based components, and web apps. This variety of information sources ultimately offers a 360O-view of the device’s security state, and flags specific vulnerabilities.
NETGEAR Armor keeps a vigilant eye on these devices. After the initial vulnerability scan, you can initiate an on-demand vulnerability assessment for any connected device, whenever you feel like you need one.