Do Not Use These Smart Devices At Home, Warn FBI And Google

Do not connect these devices at home.
The FBI and major technology players — including Google — issued a new warning Thursday, as cybercriminals exploit smart devices connected to home networks. These bad actors “gain unauthorized access to home networks,” the bureau says, “with malicious software” that is either preloaded or downloaded once connected at home.
The malicious ecosystem at play is the BADBOX 2.0 botnet, and the risk comes from devices made in China and sold under generic brand names. How many of the devices you bought online come from major OEMs? The FBI says it affects “TV streaming devices, digital projectors, aftermarket vehicle infotainment systems, digital picture frames and other products.”
Whether the device is bought with malicious software already onboard, or that software is downloaded during post-purchase configuration, setup or firmware update, the result is the same. Infected devices “become part of the BADBOX 2.0 botnet and residential proxy services known to be used for malicious activity.”
BADBOX 2.0 affects the types of devices running Android’s generic smart device OS. As such, even devices that are safe themselves can be infected by downloading apps from unofficial marketplaces — just as with Android smartphones. “The BADBOX 2.0 botnet consists of millions of infected devices and maintains numerous backdoors to proxy services that cyber criminal actors exploit by either selling or providing free access to compromised home networks to be used for various criminal activity.”
The FBI, Google and a number of security vendors urge the public “to evaluate IoT devices in their home for any indications of compromise and consider disconnecting suspicious devices from their networks.” This includes devices asking to disable Google Play Protect during setup or “unexplained or suspicious internet traffic.”
The new advisory suggests homeowners with such no-name smart devices should monitor home internet usage for high-volume traffic that seems at odds with what they can see taking place, ensure all devices are updated, and avoid third-party marketplaces. Home users should “prioritize patching firewall vulnerabilities and known exploited vulnerabilities in internet-facing systems.”
According to Human Security, one of the vendors party to the new warning, infected devices can also attack users on the home network through malware distribution, one-time password interception and fake account creation. Attacks “center on low-cost, ‘off-brand’ and uncertified Android Open Source Project devices with a backdoor.”
Take care how many such generic IoT devices you buy and connect at home — be mindful of the OEMs behind them and check reviews. Do not disable any security protections or install apps from unofficial stores. If you find a device behaving badly, stop using it. It’s also worth taking stock of the number of such devices at home.