Thursday May 3 2018

SureCloud Partners with Test Aankoop to Highlight Internet Enabled Home Risks

Cybersecurity Experts work with Belgian consumer group to demonstrate how vulnerable households are to cyber-attacks

SureCloud Partners with Test Aankoop to Highlight Internet Enabled Home Risks

SureCloud®, a supplier of Cybersecurity Services, Solutions and Cloud-based Governance, Risk and Compliance (GRC) Applications, recently partnered with Belgian consumer group Test Aankoop to provide expert consultancy services to assess the general security of the internet enabled home.


With research suggesting there will be 125 billion internet connected devices by 2030, Test Aankoop commissioned SureCloud to assess what risks consumers exposed themselves to when utilizing a large number of  internet enabled devices in the home.  For the project, Test Aankoop set-up an employee’s home with 19 IoT devices ranging from a smart door lock and smart thermostat to a children tablet, briefing SureCloud’s Cybersecurity experts to conduct an ethical simulated attack (Red Teaming) against the individual and their property.


Commenting on the project, Luke Potter, Cybersecurity Practice Director for SureCloud, said: “Provided with the name and address only our team set about collecting as much information as possible from online research using open-source intelligence (OSINT) techniques. Within a few hours we had obtained the full details of the individual, including their family and partner details, full employment history, corporate and personal email addresses, and an array of credentials that they had used for online accounts.


“Once this information was gathered, the team began to develop a programme of realistic phishing attacks to obtain further credentials to gain access to the accounts that were used to manage the target’s Internet of Things (IoT) devices. The purpose of this was to gain access to online accounts which in-turn are used to control IoT devices within the home. Our ability to do this clearly highlights just how much personal information is legitimately in the public domain that can be then used to directly target us in phishing attacks.


After the initial crawling of online accounts, SureCloud’s cybersecurity consultants visited the target’s property where they initially started by performing reconnaissance from outside the house. Following this, SureCloud Cybersecurity experts launched illustrative attacks. These included gaining access to the property by compromising an internet enabled Nuki smartlock; intercept messages sent from a mobile application to the One2Track Connect Touch GPS tracker, a device that enables parents to track and communicate with their children; upload malicious applications to the vTech Storio Max children’s tablet; and access images and turn off sensors in the Gigaset Elements home monitoring system.


“We were able to compromise many of the devices using similar tactics that cyber-criminals utilise to breach targets, highlighting the number of gaps that exist in our everyday protections,” continued Potter. “To consumers, there are a few key takeaways. Most critically you must ensure that you have a completely unique password for every single system and service that you use, while also taking advantage of multi-factor authentication wherever it is supported. Additionally, when you are purchasing IoT devices you should properly configure them, including changing passwords and not leaving them in their default state. Finally, if updates are made available by manufacturers of these devices, apply them as quickly as possible.”


Maarten De Backer, Project Officer at Test Aankoop commented: “With consumers increasingly adding to the number of smart devices that they have their homes this project was designed to see just how secure – or otherwise – those devices are. Our aim was to raise awareness around the risks that consumers are potentially exposing themselves to as a result of basic misconfigurations or failure to follow best-practice advice, which SureCloud did emphatically. We’ve contacted all of the manufacturers involved in the hack about how to address their vulnerabilities and have worked with SureCloud to develop a guide to preventing such attacks being successful”.

"You must ensure that you have a completely unique password for every single system and service that you use, which also taking advantage of multi-factor authentication wherever it is supported"
Luke Potter

DISCLAIMER: The statements, opinions, views and advice expressed in this article are those of the author/organisation and not of ENTIRELY. This article should represent information correct at the time of publication however whilst every care has been taken to present up-to-date and accurate information, we cannot guarantee that inaccuracies will not occur. ENTIRELY will not be held responsible for any claim, loss, damage or inconvenience caused as a result of any information within this article or any information accessed through this site. The content of any organisations websites which you link to from ENTIRELY are entirely out of the control of ENTIRELY, and you proceed at your own risk. These links are provided purely for your convenience and do not imply any endorsement of or association with any products, services, content, information or materials offered by or accessible to you at the organisations site.

Entirely Tech Jobs

Senior Business Development Manager - Technology & IP

Central London

A dynamic and forward thinking international law firm have an exciting role at senior management level within their business development team.

Interim Management-Technology Recruitment

City of London

My client is a leading global search firm with an established interim management practice.

Interim Management-Senior Technology/Data Recruitment

City of London

My client is a leading global search firm enjoying impressive growth with an established interim management practice.

Researcher/Resourcer Executive Search Technology/PE/VC clients

Central London

My client is a division of a highly respected Executive Search firm focussing on the PE/VC marketplace.

PE Technology Executive search Director

Central London

My client is a division of a highly regarded global Tier 1 search firm specialising in the Private equity backed market place.

Accounts Payable Lead Technology

City of London

My client is one of the fastest growing VC-backed technology companies in Europe and is now changing the industry it specialises in with its leading technology.

Senior Technology Underwriter


The role This insurer has been providing insurance solutions to technology clients since 1994 and we have grown a substantial book of business to date.

Recruitment Team Leader for a leading Technology Brand!

South East London

Could you be our next ERP Recruitment Team Lead? You will; Manage and mentor your own recruitment team, train, develop and nurture new members.

IT Delivery Manager

City Of London

My financial services client is seeking a Technical Commercial Delivery Manager to join the Technology Department and join the Real Time Gross Settlements Programme, reporting both Technology and operationally into the Programme.

Lecturer in Creative Media Production and Technology (0.8)

South West London

Lecturer in Creative Media Production and Technology - Film Making & Visual Effects (0.

Talent Acquisition Manager - IT & Technology


We have a career-enhancing opportunity within a Global Multinational with close to 10,000 employees worldwide, and revenues in excess of $10 Billion p/year.

Assistant Tax Manager - Media & Technology - Top 10 firm


Do you want to work with interesting media and technology clients?Craving a role with a real mix of client facing advisory work?Do you want the autonomy of working from home? I am recruiting a great front end taxation role working closely with two excellent dynamic tax Partners on clients ranging from advertising, film makers, and music production to fin tech businesses.

International B2B Marketing Manager Technology/Product

Central London

International B2B Marketing Manager (Technology/Product) Minimum 3 months: £55000 - £75000 Client will consider candidates with up to 1 months noticeClosing date: Tuesday 13th August @ 9am  Reed Marketing & Creative is currently partnering with a globally recognised SaaS company who are recruiting an interim Senior Ma.

Sales Development Representative - Technology - Central London

City Of London

Sales Development Represenatative Technology Central London The role and companyAs a Sales Executive you will be required to generate opportunities for the field sales team.

Technology Sales - Cyber Security Sales

City of London

Technology Sales - Global Leading Cyber Security Firm - Sales Development Representative This is an exciting time within the cyber-security industry, with the ever-growing nature of cyber-attacks and the demand for safe and secure data greater than ever, the importance of this channel has never been bigger.

Principle Technology Partner - Data Exploitation


This is an opportunity for a skilled individual to enhance their current skillset and knowledge working in a dynamic environment.

Trainee Recruitment Consultant - Technology Recruitment

Central London

Are you looking to work at the very top of the Information Technology recruitment industry? Would you work for a company that is winning awards for its training and development programme? Does the idea of working on a high octane sales floor excite you?Would you like to work with international clients.


MYHSM Collaborates With Equinix

In a development which reinforces its position as a worldwide service provider, MYHSM Ltd., the global provider of Payment Hardware Security Modules HSMs as a Service, announces a collaboration with Equinix, the global interconnection and data centre company

Discover the latest Industry News & Opinions on Entirely

We transform your bright ideas into brilliant digital products.