If there’s one place in the world that’s supposed to feel safe and comfortable, it’s the home. When you’re not working or doing things outside, this is the place where you and your family members can relax. However, as a result of modern homes becoming increasingly connected, there are fears that they are becoming hot targets for cyber criminals.
Connected technologies are taking over the world. According to from research firm Gartner, there will be 8.4 billion internet-enabled devices in use by the end of 2017. And this number will grow to a staggering 20.4 billion by the end of the decade. Total spending on Internet of Things products and services is expected to reach $2 trillion this year, too.
Gadgets such as smart fridges and wearables are making our lives easier and more productive in a plethora of ways, whether keeping a track on your personal stock of milk, or suggesting you at least attempt to lift your bum off a chair. That’s why they have such a potent role in our homes. But while they’re so useful, that’s not to say they’re safe. Hackers are using these devices to get hold of personal information and cause havoc. A by consumer group Which? found that tech-savvy crooks are able to compromise a home network and connected devices within just four days.
In this study, ethical hackers were able to gain access to a variety of home-based connected gadgets – including CCTV cameras, smart children’s toys, internet routers and artificial intelligence speakers like the Amazon Echo.
These threats go largely unnoticed, until it’s too late. So it’s time to spot the threats before they happen. Here’s how the modern home can be hacked.
Consumers less confident
From the NHS attack to the Ukrainian security breach, there have been a number of high-profile cyber attacks over the past few months, and they’ve all had great consequences for the general population. The thing is, these hacks are not only happening more frequently, but they’re also becoming more complex. Shaan Mulchandani, director of technology and security at global engineering firm Aricent, says that cyber criminals are targeting a range of consumer devices and that consumers are becoming less confident in manufacturers.
“Data leakages undermine consumers’ trust in connected environments and attacks like WannaCry and Petya cause for further consternation,” he tells us.
“This is the tip of the iceberg as physical threats can have profound consequences. Disabled smart locks in homes and offices may lead to theft while disabled vehicle detection and collision prevention features in a connected car can be fatal.
“Similarly tampered connected fire alarms, Carbon Monoxide / Natural Gas detectors and smart thermostats among other devices can all lead to fatalities. What’s more, cybercriminals can use connected toys and digital assistants to access and manipulate home patients’ insulin pumps and pacemakers, or instruct children to consume dangerous substances.”
Mulchandani believes that if tech companies put security first, they can forge better relationships with consumers.
“These threats should not put off increasing connectivity. Instead, businesses must recognize security as a value creator to increase the take-up of connected and smart use cases. Focus on preventive capabilities and build trusted, resilient ecosystems.”
Spying on your passwords
Although many types of technology can be hacked, many cyber criminals are showing an interest in webcams. Last year, researchers at Vectra Networks – a threat detection and response company based in California – were able to hack into a low-cost D-Link Wi-Fi web camera and reprogram it to act as a network backdoor. This gives hackers the ability to not only access computer systems, but also use the camera to capture credentials and passcodes.
Matt Walmsley, EMEA director at the company, says it’s become increasingly difficult for companies and individuals to secure their networks from outside attacks – especially those committed through unsecured connected devices such as surveillance cameras and sensors.
“Webcams are of interest to hackers given the video and voice recording functions that can enable them to capture credentials and passcodes to access computer systems and secure facilities,” he says.
“There are numerous tried and proven ways to exploit these features. For example, to capture and recover hand movements to reveal someone’s passwords and other sensitive details.
“Last year, we demonstrated how easy it is to hack a D-Link Wi-Fi web camera and reprogramme it to act as a persistent network backdoor without disrupting its camera function. These IoT cameras are installed in businesses as well as homes and the irony in this particular scenario is that Wi-Fi cameras are typically deployed to enhance security, are giving ‘Peeping Tom’ voyeurs with unauthorised access the ability to spy, spread and steal without being detected.
“To protect homeowners from being hacked, smart devices need to have secure credentials, enabling the purchaser to configure the device for their own network environment. However, the default credential very often goes unchanged after installation, creating a significant vulnerability for attackers to leverage.”
Manufacturers ignoring threats
“Because of the demand of IoT and smart home devices, impetus is usually put on the speed of manufacturing and an affordable retail price, with security sometimes coming as an afterthought. Hardware manufacturers are rarely experts in security software so consumers have to figure out how best to keep their devices and their personal information safe and secure, with many not knowing how,” he tells us.
Turner says common devices such as broadband routers and webcams are easy targets for hackers. Cyber criminals are also using webcams to take down internet services.
“Internet routers are one of the devices revealed to be hackable and, in a recent study, Avast found that nearly half of all routers (47%) in the UK are in fact unsecured, along with around a fifth of the webcams (22%) in our homes. Webcams are in fact a popular choice with hackers who access these devices either to create a botnet which can take down our internet services, as happened to Talk Talk routers just last year,” he says.
Before an attack occurs, it’s important to ensure your devices are secure, and Turner says there are some basic steps to do this.
“Firstly, change any default passwords as soon as you get a device – or immediately if you have never changed any that you currently use – and make sure that your passwords are unique to each of your appliances and not shared across other devices. Also ensure you have a good and up-to-date antivirus software,” he suggests.