In recent years, there has been an influx of smart technologies integrated in our homes, aimed at making our lives safer, more convenient, and cost-efficient. However, not all is perfect with this incorporation of smart devices and systems, as security researchers are increasingly uncovering exploitable vulnerabilities in these products (many of which are off-the-shelf). According to a recent report from researchers at Ben-Gurion University, many smart devices and technologies built for people’s homes are highly insecure, and capable of being infiltrated in under 30 minutes.
The report emphasized how disturbingly accessible many of these smart devices and technologies are for criminals, after 16 off-the-shelf smart home accessories (baby monitors, home security cameras, doorbells, thermostats, etc.) were examined. The research team discovered several different ways hackers could breach these gadgets, with the most unsettling method simply requiring cybercriminals to track down these accessories’ default factory-set passwords.
According to the report, it only takes about 30 minutes to find passwords for most of these technologies, with some being uncovered by a simple Google search of the brand. Once an IoT device like a security camera or baby monitor is accessed by an outsider, a hacker can set up a whole network of these models that they’re capable of remotely controlling. With several studies indicating that several people don’t even bother changing default passwords, cybercriminals essentially have their pick from a more widely available selection of targets than many might have originally perceived.
According to one security research company report, 15 percent of consumer-owned devices they examined still used their default values, while a survey of over 1,000 remote IT workers from the United States and United Kingdom revealed that 46 percent of participants still used their default passwords on wireless routers.
In addition to their findings, researchers easily manipulated gadgets and pulled off peculiar feats like playing loud music through a baby monitor, turning off thermostats, or activating security cameras—all remotely. Although manufacturers need better securing of their devices before hitting the shelves, the research team’s findings have offered suggestions on actions consumers can take to better protect their smart home technologies.
One suggestion involves avoiding used devices that could already have been infiltrated by malware. The report also encouraged making purchases from reputable manufacturers, and not connecting anything to the internet unless it’s absolutely necessary. An obvious suggestion was using strong passwords and not using the same ones for different accounts. The research team is hopeful the revelations in their report will instate a greater sense of accountability for manufacturers by raising awareness, for both them and consumers, of how dangerous and easily accessible unsecured IoT and smart home devices can truly be for cybercriminals and other malicious entities.