
24.11.2020, 12:53
A Statement on Smart Doorbells from 2N
Tomáš Vystavěl, Chief Product Officer for IP intercoms manufacturer 2N, responds to a BBC News report broadcast yesterday that consumer advice brand Which? is calling on the UK government to safeguard buyers of smart doorbells.
Physical and virtual attackers can use intercoms and access control devices to discover passwords, “eavesdrop” on unencrypted conversations and gain full access to data, applications and personal property to perpetrate ransomware and man-in-the-middle attacks, or even sneak into the building.
Installing a smart doorbell offers users convenience, flexibility and home security. But as Which? has identified, consumers must look for excellent security standards, not just a good user experience.
The 2N® Indoor View uses 2N’s own operating system to provide users with the highest levels of security and to protect their personal data. No one wants to unwittingly give hackers opportunities to access their personal information.
Consumers are therefore strongly advised to do their research before choosing a video intercom device.
Prevention
The following are high risk factors for security breaches:
- Flaws in the operating system coding which would enable hackers to gain full access to the intercom device
- Web security weaknesses that allow an attacker to execute arbitrary operating system (OS) commands on the server that is running an application, thus enabling access to the application and all its data
- Vulnerabilities in the system that allow a remote attacker to upload a manipulated ringtone file which could enable a complete system takeover
- Unsecured, non-encrypted communication that allows an attacker to listen in on the conversation (man-in-the-middle attack)
Additional advice
- Choose a reliable, bespoke security solution tailored specifically for ICS environments that keeps your network secure at all times.
- Create an independent network, dedicated exclusively to devices that handle sensitive information, using a virtual LAN (VLAN), and ensure that manufacturers of installed devices or software implement protocols such as HTTPS, TLS, SIPS or SRTP by default.
- Protect the IoT ecosystem: create a separate network for IoT devices, choose a strong password for the router, and never install new electronic devices without checking the manufacturer and security standards.
- Create different accounts with different privileges: a user will only be able to make changes related to their specific tasks, while the administrator will be given greater privileges to manage the building and all linked accounts.
- Update the software regularly: installing the latest firmware version on devices is important to mitigate cybersecurity risks. Each new release fixes bugs found in the software by implementing the latest security patches.
- Use strong, complex passwords of at least six characters, consisting of a combination of numbers, letters and symbols.
- Conduct regular security audits of the IT infrastructure to identify and eliminate possible vulnerabilities.