The perilous state of IoT security, the FBI warned last December, means that “hackers can use an innocent device to do a virtual drive-by of your digital life.” A week earlier, that same FBI office had cautioned about the dangers of smart TVs and how they can allow “manufacturers, streaming services, and even hackers an open door into your home.”
A new security report from the team at Guardicore has combined those two FBI alerts, making it clear just how real those risks are and how easy it is to exploit vulnerabilities in everyday devices. And this isn’t a data theft risk—it’s much more creepy, playing like something from a spy thriller. It’s an attack scenario that “conjures up the famous ‘van parked outside’ scene in every espionage film in recent memory,” Guardicore says.
Our homes now double as our offices. Eavesdropping on those homes is as likely to compromise commercial secrets belonging to our employers as private chats or activities between family members. This wasn’t the case when the listening-in smart speaker scandals broke last year. According to Microsoft, “the first half of 2020 saw an approximate 35% increase in total [IoT] attack volume compared to the second half of 2019.”
“At the low end of the risk spectrum,” the FBI warned on smart TVs, “they can change channels, play with the volume, and show your kids inappropriate videos. In a worst-case scenario, they can turn on your bedroom TV’s camera and microphone and silently cyberstalk you.”
Now Guardicore says it has proven that a standard voice-enabled TV remote can be hijacked and used as a secret listening device, with the device accessed and attacked remotely from a vehicle out in the street. The team says it was able to remotely attack and then trigger this eavesdropping on demand, operating