X

Report finds millions of insecure devices in European cities

Leaving internet-connected devices open to attack could allow them to be used against us online.

Sarah McDermott Senior Sub-Editor
Sarah is CNET's senior copy editor in London. She's often found reading, playing piano or arguing about commas.
Expertise Copy editing, podcasts, baking, board games
See full bio
Sarah McDermott
2 min read
security-privacy-hackers-locks-key-6779

Unsecured smart-home devices are widely used in major European cities.

 James Martin/CNET

Millions of unsecured smart-home gadgets are vulnerable to attack in European cities, according to a report published Tuesday.

The report from computer security company Trend Micro found that Berlin has the more than 2.8 million vulnerable devices, the largest number in a  European city. London is a close second, with more than 2.5 million devices that could be attacked. 

Researchers used Shodan, a search engine that can find internet-linked devices, to work out the number of vulnerable devices in each city.

"When a certain device or protocol is exposed, it does not necessarily mean that the cyber asset is automatically vulnerable or compromised," Trend Micro said in the report. "However, since an exposed device is searchable and visible to the public, attackers can take advantage of the available information on Shodan in order to mount an attack. For instance, an attacker may check if the associated software of a device is vulnerable, or if the admin console's password is easy to crack."

Earlier this year, Trend Micro made the same analysis of US cities.  

"Right now, manufacturers don't pay attention to security when they are designing and building these kinds of devices but are driven more by commercial concerns. Now is the time to push for stronger regulation on security to have devices secured by design rather than rely on the user to make configuration changes. Otherwise we risk ending up with a toxic legacy of connected devices that will never see a security update," Rik Ferguson, vice president of security research at Trend Micro, said Tuesday.

Unsecured smart-home devices such as connected printers and webcams can be attacked and used to cause chaos online. In October 2016, the Mirai botnet used vulnerable devices to launch a DDoS (distributed denial of service) attack on Dyn, a Domain Name System service provider and internet management company. This caused a massive internet outage, taking down websites across the US. 

Researchers at cybersecurity firm Netlab 360 last month identified a similar network, called Reaper, which included over 2 million internet-connected DVRs and cameras.

First published, Nov. 28 at 4:30 a.m. PT.
Update, 5:31 a.m. PT: Adds comment from Trend Micro.