Research on vulnerability with EZCast dongle highlights unique security challenges for consumers and businesses in an Internet of Things ecosystem
Check Point Software Technologies has published a report identifying network security vulnerabilities with EZCast, an HDMI dongle-based TV streamer that converts non-connected TVs into smart TVs. The findings show a hacker’s ability to gain full, unauthorised access to an EZCast subscriber’s home network, thereby compromising personal information and taking control of home devices. Currently used by approximately 5 million users, the EZCast dongle runs on its own Wi-Fi network and is controlled through a smartphone device or PC. The device represents a growing trend of connecting devices to the Internet – known as the Internet of Things (IoT) – and further introduces unique security challenges for both consumers and business. The latest Check Point research report highlights significant risks:
- Attackers can enter through the Wi-Fi system, allowing easy access into both the EZCast and home networks.
- Once in, the attackers can move around the networks undetected, providing the ability to view confidential information and infect home devices.
- The attacks can be initiated remotely; hackers can execute malicious code anywhere.
“This research provides a glimpse of what will be the new normal in 2016 and beyond – cyber criminals using creative ways to the exploit the cracks of a more connected world,” said Oded Vanunu, security research group manager, Check Point. “The Internet of Things trend will continue to grow, and it will be important for consumers and businesses to think about how to protect their smart devices and prepare for the wider adoption of IoT.”
IoT is comprised of a diverse range of device types – from simple consumer gadgets to cars to sophisticated industrial systems. The EZCast dongle is an example of an IoT-connected device as it enables data transfer over a network without requiring human-to-human or human-to-computer interaction. The IoT market is growing exponentially and will change not only the way all businesses, governments and consumers interact with the physical world – but also how they secure it.
For more information, the full report ‘EZHack: Popular Smart TV Dongle Remote Code Execution’ can be found here: http://blog.checkpoint.com/wp-content/uploads/2015/12/EZCast_Report_Check_Point.pdf <http://blog.checkpoint.com/wp-content/uploads/2015/12/EZCast_Report_Check_Point.pdf> .
Check Point’s Threat Intelligence & Research divisions regularly investigate attacks, vulnerabilities and breaches, and help vendors think about adding security strategy to their devices to better protect consumers. For more information on other research findings from Check Point, visit: http://www.checkpoint.com/threatcloud-central/ <http://www.checkpoint.com/threatcloud-central/> .
About Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd. (www.checkpoint.com) is the largest pure-play security vendor globally, providing industry-leading solutions and protecting customers from cyberattacks with an unmatched catch rate of malware and other types of threats. Check Point offers a complete security architecture defending enterprises – from networks to mobile devices – in addition to the most comprehensive and intuitive security management. Check Point protects over 100,000 organizations of all sizes. At Check Point, we secure the future.