Wifi boosters have been revealed to be particularly unsecure.
Speaking at an event in London, Paul Vlissidis, technical director of NCC Group, said that the main challenge with the Internet of Things (IoT) was as there was “a problem with all equipment and sharing on the network”.
Highlighting a plug wifi booster for the home, Vlissidis said that people would typically use them around the home and outside to boost their signal but often these come with a lack of security, and while it says it is encrypted on the box, the reality is they are generally unsecure.
“Every manufacturer issues these with the same default password, so if you get anyone of them you can get into the network and start talking,” he said. “Also if you want to change the password, it doesn’t say in the instructions on how to do it. There is no software and you have to go on to the company’s website where there are executable files and download them. After that a warning window pops up saying “there is a real risk that you can ruin the network by changing the password” so 99 per cent of people will not do it.”
Vlissidis said that the general problem with IoT and the ability to update or change firmware, and that most people are too busy to do it. He called on manufacturers to step up and update their stuff, and suggested that there should be some sort of CE mark to certify that it is secure.
“Interoperability trumps security every time; everyone was affected by the Heartbleed issue but we see it as a matter of course,” he said.
