Earlier this year, an Illinois couple panicked when they suddenly heard a male stranger’s voice speak to their infant through the baby monitor. It turns out their smart cameras and thermostat, installed to provide security, had instead been hacked and turned against them.
More recently, A Wisconsin couple got the scare of their lives when a hacker accessed their smart home device and cranked up their heat, spoke to them, and even played vulgar music through a camera.
We don’t have actual numbers on how many more terrifying stories of smart home “invasions” are out there. We do know that as more and more homes are deploying smart home devices (the global smart home market expects to reach 53 billion by 2022).
Instead of just enjoying the rewards of convenience and connectivity, homeowners are also very likely to suffer very real security risks, as smart hackers turn these IoT-based gadgets – lights, locks, cameras, other surveillance systems and even common kitchen appliances such as coffee makers and refrigerators – into gateways to their homes.
In mid-2018, the FBI warned consumers that just as they secure their PCs and mobile devices, they should also safeguard their vulnerable IoT devices such as routers, cameras and other smart appliances.
Common Cyber Threats Against IoT Devices
As the use of network-connected smart home automation devices soars (many of them unsecured), so do incidents of IoT security breaches such as:
- Your public IP address pinpointed by hackers as IP addresses are revealed by unsecured devices, increasing the risk of home intrusion (criminals will know when you’re not home).
- Your hijacked device turned into an email server, able to send thousands of spam emails without the device owner even knowing about it.
- Your compromised devices recruited as malicious botnets to carry out massive Distributed Denial of Service (DDoS) attacks on government or public facilities (See https://www.iotforall.com/iot-ddos-attack/).
- Your IoT devices’ failure to encrypt messages before sending them over the network to keep communication and user information secure.
- Your device’s vulnerability to outside access because manufacturers don’t tell customers to change the default password, which threat actors can easily attain through brute force.
- Your router’s susceptibility to remote access, enabling hackers to intrude into the home network and discover unsecured IoT devices.
What Happens When Hackers Turn Smart Appliances Against You?
Once accessed and compromised, your smart appliances can wreak havoc on your life. Your smart lock, installed to be able to enter your house without a physical key? It can now lock you out or, worse, unlock the door to intruders. The smart light you set up to automatically turn on and off? It can now decide to turn on all the lights – and all the other electrical appliances – until it overloads your power system. That smart vacuum cleaner that you can schedule to do the cleaning for you? Believe it or not, it can now show potential burglars the very layout of your home. Have a router that connects your devices to the internet and makes all this convenience possible? Careful, it can now give away your personal credentials or private information.
You get the point. Every link in the “smart chain” must be secured.
Smart Devices…Not-So-Smart Security?
Smart homes are great, but they’re also way too open. According to OSWAP, each IoT device alone has 15 attack surface areas.
Smart-home owners, get security smart and protect your IoT devices against attacks by:
- Accounting for all your connected devices. Be sure to note each device’s settings, credentials, versions, and recent patches so you’ll know what security steps you need to take or even if you should replace or update any device.
- Authenticating the smart home device before sending or receiving data. Using two-way authentication via cryptographic algorithms ensures that the data comes from a legitimate, rather than fraudulent, source.
- Replacing default or weak passwords to prevent hackers from accessing them through brute force, and change device settings to achieve stronger security.
- Using encryption to protect data as it travels from your device to the cloud to ensure that no one can access the transmitted data without the proper decryption key.
- Segmenting IoT devices by deploying two wireless connections in the home, setting up IoT devices separately, and creating different passwords to prevent the spread of attacks and cut off devices in trouble.
Best of all, adopt a solution – enterprise-grade security protection adapted for homes – that can scan your home network for any unusual activity and then immediately shut it down, while letting you know an attempt was made to invade your privacy.
Igor Rabinovich is CEO and founder of Akita.Box (Wireless IDPS) and the Akita.Cloud platform.