HackDig : Dig high-quality web security articles for hacker

A quick plug for cyber security this Christmas

2014-12-18 06:35

A quick plug for cyber security this Christmas

Are you planning on your garden looking something like this over the Christmas holiday season?

Xmas Blog

Source: www.dotcomgiftshop.com

As lighting technology becomes more efficient with the use of high intensity LEDs, more and more people are installing lights in their gardens.

In order to power all these lights safely, various outdoor power products have become available, which generally take the form of a ruggedized extension lead with power socket.

The devices simply extend the power from your house to a socket in the garden that can be sealed from the elements by closing a flap over the connected plug.

I’m sure many people are buying these types of product and connecting up their garden lights without a thought for cyber security. In fact, I bought one of these at the weekend for exactly this purpose and it got me thinking…What else is plugged into the sockets within many people’s homes?

In order to Internet-connect increasing numbers of consumer devices, many people turn to the Homeplug[1] solution.

Power-line networking has been around for many years, but it has only relatively recently become popular with the mass consumer market, as they are now offered as Internet connectivity solutions for TVs and set-top-boxes, which can be in a different room to the home broadband router.

The concept is simple: Connect a network cable from your broadband router to a Homeplug device and plug it into a power socket, then when you need wired Internet access in another room all you need is another Homeplug device and the network communication occurs via the power cables within your home. (In case anyone is wondering, no, I don’t have any Homeplug devices connected in my house).

Xmas Blog 2

Source: sky.com

Unfortunately, from a security perspective, these devices are all configured with a default security key:

“…the default NMK (Network Membership Key) that is programmed into all AV stations [Homeplugs]. While this default NMK provides a seamless, plug and play experience for the user when the equipment is initially installed, it does not provide any privacy since it is known by every HPAV-certified station.”[1]

So, if someone connected a Homeplug device (configured with the default security key) into a power socket in your garden, not only would they be able to access the Internet using your ISP account, but they would effectively be directly connected to your home network and could access your networked devices and resources as if they were inside your house.

It is important to make clear that although, by default, these devices all have the same security key, the keys can be changed by the user.

The question is, however, how many people actually do this? If the devices “just work” out of the box, even if people know they really ought to change the default security key, how many people will risk them potentially stopping working by reconfiguring them? Especially if it’s Christmas day and the Homeplugs are providing Internet connectivity for your kids’ games console!

The following recommendations should therefore be followed:

  • If you use Homeplugs within your home network, ensure that the default keys are changed before you start actively using them. Consider it to be part of the installation process, otherwise you will never get around to changing them. All of the reputable manufacturers of these devices provide instructions for how to do this, which often includes a simple configuration software tool.
  • Ensure that the key you choose is suitably complex – it doesn’t necessarily need to be memorable, as you will not need to regularly re-enter it (only when you add additional Homeplug devices). If you forget the key all you need to do is reset the devices and choose a new one.
  • If you have power sockets outside your house, maybe in the garden or in the shed, remember that as well as extending your power you are also potentially extending your home network into these less trusted environments. 


Source: /samtsirhc-siht-ytiruces-rebyc-rof-gulp-kciuq-a/21/4102/golb/ne/moc.puorgccn.www

Read:1690 | Comments:0 | Tags:No Tag

“A quick plug for cyber security this Christmas”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud