SureCloud Partners with Test Aankoop to Highlight Internet Enabled Home Risks

May 2018 by Marc Jacob

With research suggesting there will be 125 billion internet connected devices by 2030, Test Aankoop commissioned SureCloud to assess what risks consumers exposed themselves to when utilizing a large number of internet enabled devices in the home. For the project, Test Aankoop set-up an employee’s home with 19 IoT devices ranging from a smart door lock and smart thermostat to a children tablet, briefing SureCloud’s Cybersecurity experts to conduct an ethical simulated attack (Red Teaming) against the individual and their property.

Commenting on the project, Luke Potter, Cybersecurity Practice Director for SureCloud, said: “Provided with the name and address only our team set about collecting as much information as possible from online research using open-source intelligence (OSINT) techniques. Within a few hours we had obtained the full details of the individual, including their family and partner details, full employment history, corporate and personal email addresses, and an array of credentials that they had used for online accounts.

After the initial crawling of online accounts, SureCloud’s cybersecurity consultants visited the target’s property where they initially started by performing reconnaissance from outside the house. Following this, SureCloud Cybersecurity experts launched illustrative attacks. These included gaining access to the property by compromising an internet enabled Nuki smartlock; intercept messages sent from a mobile application to the One2Track Connect Touch GPS tracker, a device that enables parents to track and communicate with their children; upload malicious applications to the vTech Storio Max children’s tablet; and access images and turn off sensors in the Gigaset Elements home monitoring system.