Cyber Security training from QA

Cyber criminals can exploit flaws in online security and all new appliances

QA Cyber Security Trainer, James Aguilan, looks at how internet-enabled devices such as fridges, doorbells and TVs are leaving consumers exposed to hackers.


James Aguilan | 22 May 2018

Household smart appliances

Consumers who buy internet-enabled devices such as fridges, doorbells and TVs are leaving themselves exposed to hackers who could use them to gain access to their personal data. Many household appliances can now be linked up to the internet to help streamline the home. Fridges can provide reminders of when to buy milk, while televisions can offer advice on what programmes to watch. However, the 'internet of things' is also leaving people vulnerable to online attacks.

Cyber criminals take advantage of flaws in online security and all new appliances, capable of being hooked up to the internet, should carry a kitemark rating showing how secure they were. Shodan, known as the google of exploitation, is the world's first search engine for Internet-connected devices and is used to discover which devices are connected to the Internet, where they are located and who is using them. Shodan features many groupings including: Industrial Control Systems (ICS), Video Games, Webcams and many more.

Furthermore, Leaked documents showed that British spy agencies worked with the CIA to turn Samsung televisions and smartphones into bugging devices that can record conversations and even take photographs. In March, the CIA was accused of running a secret computer hacking programme giving its agents access to everyday items including mobile phones, televisions and iPads, fuelling fears among consumers that their gadgets could be used to spy on them.

UK Government announced plans to allow technology firms, such as Google and Amazon, to enter the energy market. Ofgem, the energy regulator, and the Department for Business, Energy and Industrial Strategy, said that they would relax rules which prohibit any firms other than dedicated energy companies from providing gas and electric to British homes. The scheme is designed to save billions in electricity bills – by allowing tech firms to 'disrupt the market' and offer 'time of day tariffs' which would reward homeowners for turning appliances off at peak times. But, as it would be heavily-reliant on internet-connected meters which provide real-time information about energy use, the scheme is likely to raise further questions on privacy and data security amid concern that the smart meters could be hacked.

Online fraud is already the most common crime in the country with almost one in ten people falling victim. More than five and a half million cyber-offences are thought to take place in Britain each year, accounting for almost half of all recorded crime in the country. But only a fraction of offences is reported to the police because victims often feel too embarrassed or believe little can be done to catch those responsible.

The fear around the 'internet of things' stemmed from the fact that household appliances may often be linked to bank details – for example fridges which can automatically order shopping online when it is required. As most modern televisions and computers are fitted with cameras, there is concern that criminals might even be able to spy on people in their own homes.

If all new devices sold were to carry a security rating, consumers would be more informed in terms of how best to protect themselves online. Plans by Ofgem to relax the rules in order to let tech firms introduce new 'smart' tariffs will require millions of homes to be fitted with internet-connected meters. These will transmit information about when a household uses most energy to suppliers, giving them the power to increase bills at busy times.

 

Visit cyber.qa.com for more information on how they can help solve the Cyber Security skills gap.

 

James Aguilan

James Aguilan

Cyber Security Specialist

James Aguilan currently works as a Cybersecurity Researcher. He has provided upskilling and development to Government Agencies, National Critical Infrastructures and Large Corporations through the simulation of cyber-attacks and forensic investigations workshops. In the past, James worked as a Data Consultant where he advised high profiling clients on how to handle their data in a Civil Litigation or Criminal Investigation. Notably, this includes the largest Merger between two US Powerhouse Conglomerate, a deal worth $87 billion. Additionally, he has also served as a Cybersecurity Consultant where he would Respond to Incidents and Perform Full Forensic Investigations. James holds a first-class honour in Computer Forensics and is actively working towards a Masters in Network Security and Penetration Testing.
Talk to our learning experts

Talk to our team of learning experts

Every business has different learning needs. QA has over 30 years of experience in combining the highest quality training with the most comprehensive range of learning services, ensuring the very best fit for your organisation.

Get in touch with our learning experts to talk about how we can help.