Security of IoT devices within the hobby

db366

Just curious, I am currently still buying stuff for my tank. Has anyone looked into the security of all of the newer wireless devices within the hobby (Apex, AI, etc.)? It seems like a niche market where security might not be at the front of their mind in design. I am thinking about getting one just to see if I can break it, but before I do something crazy like that I wanted to see if it's been addressed prior to at the very least voiding the warranty on one.
 
What do you mean “break it”, like logging into someone’s account or breaking into someone’s home?
 
Sure, obviously I am not talking about actually performing malicious attacks on anyone other than myself. I would just set up my own device on a separate network and then see what I could do from there. Maybe nothing, maybe get into the UI and crash a tank, or worst case get into the network. It's known that IoT devices are not that secure; many of the major brands have been hacked (Ring, Nest, etc.). These companies pay big money for Cyber Sec teams to keep their devices secure, so my thinking is these smaller companies might not have the security in place that the big guys have. Essentially I am not that good yet and it might be a nice low-hanging fruit for me to play with.
 
Most of the reports I've seen are about people or kids that have gotten LAN access via wifi and are screwing with people's Apex.

I'd be interested to see what you come up with on your testing. Again @lmm1967 is the resident IT security expert.
 
It's not difficult to do. Once on the wifi, obtaining the IP addresses of all your devices along with the MAC addresses, it would be at your fingertips to control (Ring doorbells are having this issue). But from the perspective of the manufacturer it's the consumer's responsibility to "lock the door". Having a good firewall and network protection should be at the forefront for everyone, especially with everything "on the line" these days.
 
Fwiw,
-Hide your network SSID so no one ‘sees’ your network.
-Change the default name & password of your wifi router AND use a difficult password!
-Set up a firewall, like the one that comes built in from Microsoft with Windows Defender. Also, most routers these days have built in hardware firewalls. Or, use the one in your security software.
-If you desire more features than Windows Defender delivers, then consider a separate security software product. You can also use a freeware product, just know that they aren’t typically as fully featured. Read the reviews from reputable publications/organizations (see below) for help in your selection.
-I also use a separate VPN product which protects all of my networked devices anywhere I am, including when connected to unsecured public networks (like say at Starbucks or a big box store). So, even if you managed to hack into my network, any data you might see is encrypted with a 256-bit algorithm, almost impossible to crack.
-The security software I use also has features specifically for protecting web cams and other IoT devices.

Also, it sometimes matters what brand router you have. I use a Netgear Orbi mesh router which has specific features enabled only by certain software, which helped to dictate my selection.

Remember, no matter how malware/viruses get inside your network/devices, once it’s there it may be too late. Spend the money & lock it down, realizing that there is no real way to win. So, keep it all up to date regularly.

 
Sounds like your intent is to do some security research. My biggest concern for my “smart” devices is the ability some of them have to be a wifi hotspot for “direct” connections. This would be an obvious point to attack. My APEX does have capacity for software updates, which is great, but my lights and pumps do not seem to have that embedded. In my experience these are the devices that didn’t think about updating software and weren’t thinking about security, as you can never know if the Bluetooth or 802.11 protocol you are using will be secure forever.

All of those things add up to getting inside my home network which isn’t a giant achievement for hackers that want money, as I would be a small payout.

However, the more interesting part of any IoT attack for me is if it leads you to compromise the cloud app component where all of the data and control ultimately exist. I would not recommend you attempt to go near any of that public web site unless you have permission or a very firm understanding of your rights as a security researcher or lack thereof.

With all that said I haven’t looked closely at the APEX website to see if they offer any assurance of security, but I will do now and report back later.

Happy hacking whatever you decide to do with the hardware in your home.


Sent from my iPhone using Tapatalk
 