Don’t imagine that it’s only the unlucky few who get caught out by hackers penetrating their Smart Home Automation security protocols. Rather than being a rare occurrence, hacking is a huge and ongoing problem, especially for anyone who relies on default settings to keep them safe.
Consumer magazine Which? installed a number of Smart Home devices, enough to adequately reflect those of a well equipped home, and found that in a week they had more than 10,000 scans or hacking attempts made. While scans aren’t necessarily malicious, they just look to see what products are being used where, there were more than 2,435 specific hacking attempts, which adds up to 14 attempts by a hacker to force their way in to (what they believed to be) someone’s Home Automation Environment every hour for an entire week.
During the trial it was found that an Epson printer and an ieGeek security camera were most often targeted by hackers. The attempts at the printer prove that it’s not always the most obvious devices which get the most attention, but those which are the least likely to be properly passworded because they’re innocuous and need to be available to the whole family. While the printer’s default password did stand up to the hacking, the camera did less well and someone was able to take control of it, giving them access to the images and allowing them to change settings. (the ieGeek camera tested has now been withdrawn from sale by Amazon following Which?’s investigation. Amazon had championed it as their Amazon Choice after more than 68% of its reviews were five star on their platform.) Amazon representatives said “We require all products offered in our store to comply with applicable laws and regulations and have developed industry-leading tools to prevent unsafe or non-compliant products from being listed in our stores.”
What’s The Point of Hacking A Smart Device From Thousands Of Miles Away?
Which?’s analysis of the attempted hacking revealed that attacks came from all over the world, but the most concentrated efforts to get access came from the US, Russia, China, India and The Netherlands. Of course there is no way of knowing for sure where they are really located since they will most often use VPNs or botnets, a raft of other computers they already have control over, to disguise and protect themselves.
In any case the reason for attempting to force access to a home network by a human is always malicious. These can include the installation of spyware, ransomware, data theft, identity theft, surveillance and seizing control of devices such as camera, access controls and alarms.
Another reason for malicious attacks on your IoT devices is in order to recruit them into the service of an ever expanding botnet called Mirai. This robot network thrives by constantly looking for more smart devices it can get access to, which it then uses to both grow, and to attack websites through DDoS (distributed denial of service) attacks such as those which brought down Twitter and Amazon in 2016.
Defaults Are Improving, But Much More Can Be Done At Home In A Few Minutes
The UK government is introducing legislation which will require Smart and other connected devices to meet more stringent basic security standards. Default user names and passwords such as ‘admin’ or ‘123456’ will be made illegal to supply as a result of this legislation. The ieGeek security camera which fell to hackers was targeted 2,260 times by people trying to guess the weak password, and at least one person was successful. The enforcement of stricter access defaults and the fact that even a basic improvement to a devices security should mean that, when the law is introduced, anyone who owns an IoT device will be much safer.
Back at the test site, printers, TVs and other branded smart security systems were also targeted, however, thanks to the fact that they had slightly stronger default security settings, they were able to resist the hackers. This case is proving that almost any attempt the consumer makes to protect their devices with usernames and passwords which are hard to guess will probably be perfectly adequate, unless the hacker knows you personally and you use something ‘memorable’ such as your favourite team’s name, the names of your children, or your pets. The legislation which the government is introducing isn’t expected to be law until at least next year, but in the meantime it’s important to change the password of any devices you have to long, hard, complex character chains which are hard for humans or machines to guess at.
The Steps You Can Take Today To Protect Yourself In The Future
While it’s quite staggering to see just how many attempts are made at hacking a perfectly standard home network, it’s also reassuring to see how many of those attempts failed thanks to the most basic of precautions being taken by the people who installed them.
When you install any piece of IoT networked technology you should always take these steps to ensure that nobody will be able to access your data or take control of devices:
- Change default passwords to a long, complex string of numbers and letters, ideally use a password manager which you trust that can create these codes for you.
Turn on security features such as two factor authentication where available. It can be a faff when you have to input your info then wait for a text to complete your log in, but it only takes moments and will help you protect your most important data.
- Subscribe to the manufacturer’s newsletters and run updates. Newsletters will keep you informed of any important developments or urgent updates while running regular scheduled updates will ensure that your devices’ security is always optimal.
- Beware of fraud and phishing. If a stranger phones and tells you they need to access your computer for any reason, they don’t. Never install any software you’re not completely confident you know where it came from and don’t reply to phishing emails, emails which try to gather your personal details by asking you to confirm who you are, your security precautions, user names or passwords.
- And finally, if you do have a piece of technology which doesn’t allow you to change settings which would improve security not only for that device, but your entire Smart environment, try taking it back. The shop manager may be cooperative, but if they’re not, try quoting the consumer rights act as it’s questionable that the product is of satisfactory quality, or fit for purpose.
Briant Communications is a professional, experienced and insured Smart Home Automation installer who take your online security very seriously. We install and configure all of the Internet of Things devices we install with the utmost care and diligence, ensuring that your home is as safe as possible from digital attack. For more information, or a free, no obligation quote from one of our installers, call us on 01273 465377 or send an email to firstname.lastname@example.org