Why IoT devices like Amazon Echo are a target for attackers, and how to protect yourself
Key reinstallation attacks, or KRACK, are attacks against WPA2, the protocol most WiFi networks use to encrypt traffic. An attacker within radio range replays a message of the WPA2 4-way handshake, which tricks the client into reinstalling a key that is already in use and resetting the counter that feeds the encryption nonce; the resulting keystream reuse lets the attacker decrypt frames and, depending on the cipher suite, replay or inject forged ones. Such attacks can result in theft of sensitive information or serve as a stepping stone for man-in-the-middle attacks, serving the victim a fake website or injecting malicious code into a legitimate site. Recently, researchers from ESET have revealed that some Echo and Kindle devices from Amazon are vulnerable to this attack. Here is what this means, why IoT devices are attacked, and how to prevent attacks in your home or business:
Amazon's Echo and the 8th generation of Amazon Kindle are vulnerable to KRACK attacks
According to research from ESET's Smart Home Research Team, the first generation of Amazon Echo devices (released in 2015) and the 8th generation of Kindle (released in 2016) are vulnerable to the KRACK attack, which made headlines in 2017. It is a significant vulnerability in the WPA2 standard itself, so it affected essentially every WiFi client and access point, regardless of vendor, until they were patched. An attacker within radio range of the victim can strip the WiFi-layer encryption from the data the victim transmits and use it as they see fit. Two caveats worth knowing: the attack does not recover the WiFi password, and because the flaw is in the client's handling of the handshake, the client itself must be patched; updating the router alone does not reliably protect an unpatched client.
Because of this vulnerability, unpatched Amazon Echo and Kindle devices could have their WiFi traffic decrypted, data could be replayed, injected and forged (depending on the cipher suite in use), and any sensitive information not protected by an additional layer of encryption such as TLS could be exposed to the attacker.
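To make the mechanism concrete, here is a small Python model of what "key reinstallation" does to a WPA2 client. It is an added example, not code from the original article, from ESET's research or from Amazon's firmware. The `keystream` function is an HMAC-based stand-in for CCMP's AES-CTR (the only property used is that the same key and nonce always give the same keystream), the PTK and the two frames are constructed sample data, and `Client` is a deliberately minimal supplicant model with a `patched` switch that applies the actual fix: do not reinstall, and therefore do not reset the counter for, a key that is already in use.

```python
import hashlib
import hmac
from dataclasses import dataclass


def keystream(ptk: bytes, packet_number: int, length: int) -> bytes:
    """Toy keystream generator standing in for CCMP's AES-CTR.

    Constructed for this demo (HMAC-SHA256 in counter mode); it is not
    the real 802.11 cipher. The one property we rely on is shared with
    CCMP: the same (key, nonce) pair always yields the same keystream.
    """
    out = b""
    block = 0
    while len(out) < length:
        msg = packet_number.to_bytes(6, "big") + block.to_bytes(4, "big")
        out += hmac.new(ptk, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    # Truncates to the shorter input, like a known-plaintext attacker would.
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class Client:
    """Minimal model of a WPA2 supplicant's key-installation logic."""
    patched: bool
    ptk: bytes = b""
    packet_number: int = 0   # per-key 48-bit counter; it is the CCMP nonce
    installed: bool = False

    def on_handshake_msg3(self, ptk: bytes) -> None:
        # Message 3 of the 4-way handshake, or a retransmission of it,
        # tells the client to install the PTK.
        if self.installed and self.patched:
            # The fix: the key is already in use, so acknowledge the
            # retransmission without reinstalling; the counter keeps going.
            return
        # Vulnerable path: (re)installing the key also resets the packet
        # number to zero, so the next frame reuses an old nonce.
        self.ptk = ptk
        self.packet_number = 0
        self.installed = True

    def send(self, plaintext: bytes):
        ks = keystream(self.ptk, self.packet_number, len(plaintext))
        frame = (self.packet_number, xor(plaintext, ks))
        self.packet_number += 1
        return frame


def run_attack(patched: bool):
    """Attacker sits as a MitM on the channel, replays message 3, and uses
    a predictable first frame to recover the keystream for a later one.
    Returns the recovered plaintext, or None if no nonce was reused."""
    ptk = hashlib.sha256(b"constructed demo PTK, not from a real handshake").digest()
    victim = Client(patched=patched)
    victim.on_handshake_msg3(ptk)          # the normal handshake completes

    known = b"GET / HTTP/1.1\r\n"          # header the attacker can guess
    pn1, c1 = victim.send(known)

    victim.on_handshake_msg3(ptk)          # attacker replays message 3

    secret = b"Cookie: session=s3cr3t"    # constructed sensitive payload
    pn2, c2 = victim.send(secret)

    if pn1 != pn2:
        return None                         # distinct nonces: nothing gained
    # Same key and same nonce mean the same keystream, so c1 XOR known
    # yields the keystream and c2 XOR keystream yields the secret, as far
    # as the known plaintext reaches.
    ks = xor(c1, known)
    return xor(c2, ks)


if __name__ == "__main__":
    print("vulnerable client:", run_attack(patched=False))
    print("patched client   :", run_attack(patched=True))
```

Against the vulnerable client the replay resets the counter, both frames share nonce 0, and the attacker recovers the first 16 bytes of the cookie frame without ever learning the key. Against the patched client the second frame goes out under nonce 1 and the XOR trick yields nothing, which is why the fix is a firmware update on the client rather than a change of WiFi password.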
ESET reported the problem to Amazon in October 2018; in January 2019, Amazon confirmed that it could reproduce the issue and started work on a patch. In the following weeks, Amazon released new firmware updates for the vulnerable devices to fix the problem. Therefore, if you have an Echo device, Check & Update Your Alexa Device Software. If you have an 8th generation Kindle, go to Kindle E-Reader Software Updates.
Why hackers love to target IoT devices like Amazon Echo
Amazon Echo is an IoT (Internet of Things) device that is popular in modern homes and businesses. People use it for many reasons, including controlling other IoT devices in their homes, such as wireless routers, smart bulbs, smart plugs, sensors, thermostats, and so on. Echo is the interface to Amazon's Alexa, which has more than 100,000 skills and growing. With its help, you can do things like order pizza, stream TV to a compatible device in your home, manage your to-do list, get the latest news, or control your Nest Learning Thermostat.
Amazon Echo and all other IoT devices share the following characteristics that make them appealing to attackers:
- Always on - you do not turn your Amazon Echo or your smart plug off. It is always turned on and waiting for your commands. So are all other IoT devices in your home or business.
- Always connected - your IoT devices are always connected to the WiFi, and often, also to the internet.
- Easy-to-exploit vulnerabilities - this is especially true for cheaper devices whose manufacturers did not invest much in security. Some IoT devices barely receive firmware updates and security fixes, so known bugs stay exploitable for years.
- Malware is hard to detect, analyze, and remove - when an IoT device is compromised, you may not notice unless you have the tools to analyze the network traffic that device generates, since the device itself typically exposes no logs and runs no security agent. Furthermore, once an infection is detected, removing it is difficult without the necessary technical skills and tools.
- A lot of malware source code available - it is easy to find both source code and tools that take advantage of known vulnerabilities in IoT devices. They remain effective because many IoT devices do not get updated regularly.
All these reasons make IoT devices an appealing target for hackers and attackers worldwide.
How to prevent attacks and protect your IoT devices
There is no "silver bullet" that can protect your IoT devices from all threats. However, there are some things you should do to increase security and lower the chance that an attack succeeds:
- If you can get the benefits of an IoT device while connecting it only to your local network, cut its internet access (for example, with a firewall rule on your router). Where the device needs the cloud to function, as an Echo does, put it on a separate guest network or VLAN so that a compromised device cannot reach your computers and phones. Either step significantly lowers the chances of that IoT device becoming the victim of an attack, and limits the damage if it does.
- Use strong, unique passwords for all your IoT devices and the accounts behind them, as well as two-step authentication when available.
- Regularly update the firmware of your IoT devices. Many of them do not offer proactive alerts about firmware updates, so make a habit of manually checking for updates once in a while. The KRACK case shows why this matters: the fix has to reach the client device's own firmware, and updating the router alone does not protect an unpatched client.
- Enable encryption for network communication. Where a device offers the choice, set it to use HTTPS, the secure version of HTTP, or another TLS-protected protocol, so that its traffic is encrypted end to end and not only on the WiFi link. KRACK breaks the WiFi-layer (WPA2) encryption; traffic that is additionally protected by TLS still comes across as meaningless bytes to anyone who sniffs or otherwise intercepts it. Since many IoT devices expose no such setting, prefer devices and apps that use TLS by default.
- Disable unused services. Amazon's Echo and Alexa are perfect examples of smart IoT devices that have many skills and services. While this makes them useful, it also increases the attack surface. Therefore, if you are not using specific features (or skills) of an IoT device, disable them if you can, so that they cannot be used by an attacker.
- Use a wireless router with built-in security - some wireless routers include both antivirus and an intrusion prevention system, which makes it harder for external attackers to compromise the network and the IoT devices connected to it. Also, if attackers do manage to compromise an IoT device, such a router can flag the problem so that you can take action to fix it. Keep the router's own firmware updated as well; access points had their own KRACK fixes to apply.
- Use an advanced security product that scans the devices in your network and evaluates their security. For example, ESET Smart Security Premium has a feature called Connected Home Monitor, which assesses the security of your network, identifies compromised devices, and gives you tips on improving security.
How do you protect the IoT devices in your home or business?
The problems revealed by ESET about Amazon Echo and Kindle showcase how vulnerable IoT devices are. Yes, they are useful and make our life easier, but they are also an attack vector that is tempting to hackers and malware creators. Before closing, tell us what you think about what was revealed by ESET and how you protect the devices in your network. Comment below, and let's discuss.