Do you want to help criminals? No, I didn’t think so. But if you have compromised Internet of Things (IoT) devices on your home network such as smart TVs, that’s exactly what you are doing.
This week the FBI issued a warning for the something called BADBOX 2.0. Yes, there was a version 1.0 and now the criminals have improved on it.
BADBOX is a botnet. A botnet is when different computer programs work together to do something. For example, your smart TV can be infected with malicious software (malware) that forces it to act as a “bot” (like a robot) to attack websites or services on the internet. Botnets have even brought down parts of the internet itself.
We have to stop helping criminals. Don’t let your IoT devices be part of a botnet.
The FBI states, “Cyber criminals gain unauthorized access to home networks through compromised IoT devices, such as TV streaming devices, digital projectors, aftermarket vehicle infotainment systems, digital picture frames and other products. Most of the infected devices were manufactured in China.”
If you are buying any IoT products on Amazon, Temu, Shein, Alibaba, or almost anywhere, the product could have secret back doors that send information to criminals or allow criminals access to your home network.
There will be new ways in the future to know if an IoT product is secure. The U.S. and other countries have cyber labelling where companies can show they build secure IoT products, but the U.S. Cyber Trust Mark labelling program isn’t fully in place yet. I’ll let you know when products start to be announced.
In the meantime, the FBI suggests to look for these indicators. (The word, “indicators”, is a common term we use in the cyber world.) The sentences in italics are my additional explanation.
- The presence of suspicious marketplaces where apps are downloaded. This means the manufacturer doesn’t use the official Google Play store to download software.
- Requiring Google Play protect settings to be disabled. This is so the manufacturer can bypass security.
- Generic TV streaming devices advertised as unlocked or capable of accessing free content. It’s not truly free if you are helping criminals.
- IoT devices advertised from unrecognizable brands. Purchase only brands you recognize that have been around for several decades.
- Android devices that are not Play Protect certified. I’ll write an article about Google Play Protect in the future.
- Unexplained or suspicious Internet traffic. This one is hard to know unless you have technical network expertise.
Buying cheap IoT products is helping criminals get into our homes. If you have a question about a specific IoT device, please ask me and I’ll do some research.