Hacking the home: how connected tech is making your shack a security risk

If there’s one place in the world that’s supposed to feel safe and comfortable, it’s the home. When you’re not working or doing things outside, this is the place where you and your family members can relax. However, as a result of modern homes becoming increasingly connected, there are fears that they are becoming hot targets for cyber criminals.

Connected technologies are taking over the world. According to recent statistics from research firm Gartner, there will be 8.4 billion internet-enabled devices in use by the end of 2017. And this number will grow to a staggering 20.4 billion by the end of the decade. Total spending on Internet of Things products and services is expected to reach $2 trillion this year, too.

Gadgets such as smart fridges and wearables are making our lives easier and more productive in a plethora of ways, whether keeping a track on your personal stock of milk, or suggesting you at least attempt to lift your bum off a chair. That’s why they have such a potent role in our homes. But while they’re so useful, that’s not to say they’re safe. Hackers are using these devices to get hold of personal information and cause havoc. A recent investigation by consumer group Which? found that tech-savvy crooks are able to compromise a home network and connected devices within just four days. 

In this study, ethical hackers were able to gain access to a variety of home-based connected gadgets – including CCTV cameras, smart children’s toys, internet routers and artificial intelligence speakers like the Amazon Echo. 

These threats go largely unnoticed, until it’s too late. So it's time to spot the threats before they happen. Here's how the modern home can be hacked. 

Consumers less confident

From the NHS attack to the Ukrainian security breach, there have been a number of high-profile cyber attacks over the past few months, and they’ve all had great consequences for the general population. The thing is, these hacks are not only happening more frequently, but they’re also becoming more complex. Shaan Mulchandani, director of technology and security at global engineering firm Aricent, says that cyber criminals are targeting a range of consumer devices and that consumers are becoming less confident in manufacturers. 

“Data leakages undermine consumers’ trust in connected environments and attacks like WannaCry and Petya cause for further consternation," he tells us. 

"This is the tip of the iceberg as physical threats can have profound consequences. Disabled smart locks in homes and offices may lead to theft while disabled vehicle detection and collision prevention features in a connected car can be fatal. 

“Similarly tampered connected fire alarms, Carbon Monoxide / Natural Gas detectors and smart thermostats among other devices can all lead to fatalities. What’s more, cybercriminals can use connected toys and digital assistants to access and manipulate home patients’ insulin pumps and pacemakers, or instruct children to consume dangerous substances."

Mulchandani believes that if tech companies put security first, they can forge better relationships with consumers. 

“These threats should not put off increasing connectivity. Instead, businesses must recognize security as a value creator to increase the take-up of connected and smart use cases. Focus on preventive capabilities and build trusted, resilient ecosystems."

Spying on your passwords

Although many types of technology can be hacked, many cyber criminals are showing an interest in webcams. Last year, researchers at Vectra Networks – a threat detection and response company based in California – were able to hack into a low-cost D-Link Wi-Fi web camera and reprogram it to act as a network backdoor. This gives hackers the ability to not only access computer systems, but also use the camera to capture credentials and passcodes. 

Matt Walmsley, EMEA director at the company, says it’s become increasingly difficult for companies and individuals to  secure their networks from outside attacks – especially those committed through unsecured connected devices such as surveillance cameras and sensors. 

“Webcams are of interest to hackers given the video and voice recording functions that can enable them to capture credentials and passcodes to access computer systems and secure facilities," he says. 

"There are numerous tried and proven ways to exploit these features. For example, to capture and recover hand movements to reveal someone’s passwords and other sensitive details. 

“Last year, we demonstrated how easy it is to hack a D-Link Wi-Fi web camera and reprogramme it to act as a persistent network backdoor without disrupting its camera function. These IoT cameras are installed in businesses as well as homes and the irony in this particular scenario is that Wi-Fi cameras are typically deployed to enhance security, are giving ‘Peeping Tom’ voyeurs with unauthorised access the ability to spy, spread and steal without being detected. 

“To protect homeowners from being hacked, smart devices need to have secure credentials, enabling the purchaser to configure the device for their own network environment. However, the default credential very often goes unchanged after installation, creating a significant vulnerability for attackers to leverage.”

Manufacturers ignoring threats

Despite the fact that these security risks are pretty obvious, many people believe that manufacturers aren’t paying enough attention.  Pete Turner, a consumer security expert at Avast, happens to be one of them. He says hardware makers often put factors such as speed and affordability before security, creating big opportunities for cyber criminals. 

“Because of the demand of IoT and smart home devices, impetus is usually put on the speed of manufacturing and an affordable retail price, with security sometimes coming as an afterthought. Hardware manufacturers are rarely experts in security software so consumers have to figure out how best to keep their devices and their personal information safe and secure, with many not knowing how,” he tells us. 

Turner says common devices such as broadband routers and webcams are easy targets for hackers. Cyber criminals are also using webcams to take down internet services. 

“Internet routers are one of the devices revealed to be hackable and, in a recent study, Avast found that nearly half of all routers (47%) in the UK are in fact unsecured, along with around a fifth of the webcams (22%) in our homes. Webcams are in fact a popular choice with hackers who access these devices either to create a botnet which can take down our internet services, as happened to Talk Talk routers just last year,” he says. 

Before an attack occurs, it’s important to ensure your devices are secure, and Turner says there are some basic steps to do this. 

“Firstly, change any default passwords as soon as you get a device – or immediately if you have never changed any that you currently use – and make sure that your passwords are unique to each of your appliances and not shared across other devices. Also ensure you have a good and up-to-date antivirus software,” he suggests.

Smart TVs and speakers

Dr Ben Silverstone, course leader for computing and quantitative business at Arden University in Coventry, says data leakages and phishing scams can affect devices like smart speakers and connected TVs. 

“There is issue of potential data leakage. Items such as smart speakers and home assistance devices transmit a large amount of data about behaviours, and preferences which could be used to build a profile of owner activities,” he says.

“There is also the potential for phishing type scams such as the hacking of smart TVs, which could be used to target other connected devices in the home. However, there would only really be value in attacking devices that require human interaction. The damage caused by trying to control a light bulb or central heating may be an irritation but would not necessarily be overly damaging.

“Before there is a real move towards financially motivated hacking of connected devices there will be the 'hobby hacker', who will try it just to see what can be achieved. Looking at the patterns of this and the types of attacks committed will give a good indication of future issues.”

Homes are easy targets

Cyber criminals may have some sophisticated techniques to get into complex systems, but in the home environment, the majority of devices just happen to be easy to hack. Raj Samani, chief scientist at McAfee, says hackers often have the ability to develop code to get into and brick devices quickly.  

“You just need to look at Mirai for example to see that cyber criminals hacking techniques aren’t particularly sophisticated,"he says. 

"In fact, many of the devices that are used as part of the connected home are currently being secured by passwords that are publicly known. This in turn makes it easier for hackers to develop code that can exploit these devices, which in some cases are known to ‘brick’ these devices.

“No matter what the device, consumers need to always ask the following questions: What data does it collect? Where does it go?  Who is it shared with?  If they are not comfortable with the potential answers then they must walk away. If they do feel comfortable, it is essential to check whether there is a default password and whether that can be changed. Cyber criminals often exploit the fact that many consumers don’t switch to a new, more secure password, making it even easier for cyber criminals to attack.”

We all love the connected devices and commodities that we keep in our homes. They make life more convenient and keep us entertained, but they also happen to be potentially dangerous. Unfortunately, manufacturers don’t always focus on hardware security, and this is creating lucrative opportunities for hackers. There’s no doubt that we’ll see hacks continue to happen as connected technology evolves – and if security doesn’t improve. For the time being, for our own sakes we'll have to personally be extra careful, and extra vigilant.

Leave a Reply

Your email address will not be published. Required fields are marked *