Cyber security

Staving off the hackers as target base grows wider

Reuben Paul, 11, a sixth-grader from Austin, Texas, during his presentation at the World Forum in the Netherlands, touched on how smart devices, such as his own teddy bear, could be compromised by hackers.
Reuben Paul, 11, a sixth-grader from Austin, Texas, during his presentation at the World Forum in the Netherlands, touched on how smart devices, such as his own teddy bear, could be compromised by hackers.PHOTO: AGENCE FRANCE-PRESSE

Hacking has become child's play but users should start taking the initiative to protect their devices

When an 11-year boy managed to obtain the phone numbers of dozens of participants at a cyber security conference two weeks ago with nothing more than a laptop and a self-programmed Bluetooth scanner, it was a reminder to both the cyber security community and regular users on just how easy it is for a dedicated hacker to steal information off personal devices.

The demonstration by Reuben Paul, a sixth-grader from Austin, Texas, in the United States during his presentation at the World Forum in the Netherlands, also touched on how smart devices, such as his own teddy bear, could be compromised by hackers.

This comes in the wave of large-scale global threats, such as the recent WannaCry ransomware and last year's Mirai botnet attack, which affected both consumers and businesses worldwide.

Cyber security experts say that lax user security, along with the increasing proliferation of smart home devices, is giving hackers new avenues of attacks.

Get The Straits Times
newsletters in your inbox

But the likelihood of falling prey to such threats is drastically lowered if users take the first steps in protecting their devices, starting with basics such as changing passwords on smart home devices and keeping devices updated with the latest security patches (see tips on next page).

In Singapore, ransomware, malware and phishing remain the top cyber threats both consumers and businesses face.

"Cyber criminals often employ targeted attacks to obtain valuable personal information that can be used in further attacks or sold for monetary value," said Mr Nick Savvides, Asia-Pacific security advocate at Norton by Symantec.

Information is a valuable income stream for hackers, who sell and trade the data on the so-called dark Web - a collection of unindexed Web pages on the Internet that serves as an illegal black market for stolen information, drugs and even weapons.

According to Symantec's latest Internet Security Threat Report, transactions on the dark Web can vary widely from an e-mail address sold for as little as US$0.001 (sold in groups of 10,000), to as high as US$700 (S$962) for a health record.

Devices can be compromised and information stolen in a myriad of ways, either in public or in the safety of one's home if proper precautions are not taken (see infographic on next page).

And connection-starved users desperate for free Wi-Fi are a prime target for such hackers, who have an arsenal of tools to exploit unsecured public Wi-Fi networks.

"In the current world of hyper-connectivity, unassuming users (young and old alike) favour convenience over the necessity to take precautions at public venues," said Mr Prakash Sadagopan, director of systems engineering for Asia-Pacific at F5 Networks.

Attacks like the one Reuben demonstrated, which makes use of Bluetooth rather than Wi-Fi, are yet another tool in a hacker's arsenal.

But Mr Dick Bussiere, Asia-Pacific technical director at Tenable Network Security, said Bluetooth attacks are much harder to pull off than other forms of attacks.

"Many of these attacks rely on a device to be in 'discoverable mode', meaning they are looking for other devices to pair with," he said.

"While these attacks also potentially allow attackers access to your data, they are difficult to exploit unless you are in physical proximity of the target."

The rise of smart home devices, such as smart lights, television sets or baby monitors connected to the Internet, is also giving hackers more attractive targets to hit.

"Security is often not a priority for the device manufacturers," said Symantec's Mr Savvides. "Most of the services do not provide signed or encrypted firmware updates, if updates are provided at all."

READ MORE
Common ways hackers compromise your devices, and how you can protect yourself.

A version of this article appeared in the print edition of The Straits Times on May 31, 2017, with the headline 'Staving off the hackers as target base grows wider'. Print Edition | Subscribe