Researchers created a network of smart home devices in order to evaluate the danger that the devices represent to customers. Thousands of cyber assaults were conducted against the network.
According to researchers at the NCC Group, Which?, and the Global Cyber Alliance, during the first week the “honeypot” network was online, 1,017 unique scans or hacking attempts were directed at the devices on the internet, which included smart TVs, printers, wireless security cameras, and Wi-Fi kettles.
After that, the number of assaults increased, reaching 12,807 over the next week, with 2,435 of those attempts to get into a device using a weak default username and password combination.
The majority of the gadgets in the “hackable home” environment were able to avoid assaults via simple security measures, but this does not rule out the possibility that they could be attacked in the future, according to the researchers in a statement.
Although they proceeded, they said that the most worrisome problem they discovered was a linked camera that had a weak default password, which enabled a suspected hacker to get access to the camera’s feed. The camera lens, on the other hand, had been taped over.
Observed Matt Lewis, an analyst with the NCC Group, a cybersecurity firm based in the United Kingdom, “the vast majority of these assaults are automated.”
“They have no idea who or what they’re going after,” he told TechNewsWorld. “All they know how to do is visit a service and attempt some typical weak user name and password combinations,” says the author.
According to him, “the one that stuck out to us was the usage of the user name admin and the password admin, which is a typical setup for many devices.”
a nefarious assortment of goods
Lewis pointed out that the majority of the activity seen by the researchers was most likely innocuous. According to him, the attacks came from big internet firms who were monitoring the internet to see what was out there. They were searching for vulnerable IP addresses because they were more inquisitive than they were malicious, according to the report.
Although he acknowledged that “we did detect some CCTV camera activity that might be linked to a known threat actor in Russia,” he went on to say that
Russell, a vice president of Interpret, a worldwide consulting firm, said that device data in the smart home sector differs significantly from personally identifiable information.
he told TechNewsWorld. “It’s a lot tougher for consumers to be concerned about a single piece of data from their thermostat, water sensor, or garage door opener.”
As a result, he said, “hackers haven’t had much of a motivation to get access to smart home data.” They would be better served by concentrating their efforts on distributing ransomware and collecting very valuable information such as credit card and social security numbers.
Nonetheless, this does not rule out the possibility of smart home gadgets being used to do damage to their owners.
It’s possible for a smart thermostat to be compromised and therefore give access to personal computers and digital data, according to Adam Wright, a senior research analyst at IDC who specialises in the smart home.
According to him, “a hacked smart camera or baby monitor may enable the same harmful behaviour as a hacked thermostat,” but “as an added bonus, the camera itself can be used to spy on individuals or to interact with or annoy people in the house,” he said.
In addition, Tom Brennan, chairman of Crest USA, a worldwide not-for-profit cybersecurity accreditation and certification organisation, said, “Any device that is linked to the internet and has been hacked may be utilised as a jumping-off point to other devices.”
In addition, he said to TechNewsWorld, “it may be utilised as an exfiltration point to transfer sound, video, and data out of a residence.”
Magnets for Hackers
Ilia Sotnikov, a security strategist and vice president of user experience at Netwrix, a visibility and governance platform provider based in Irvine, Calif., pointed out that smart home gadgets are attractive to a variety of different kinds of hackers, including nation-state hackers and cybercriminals.
In an interview with TechNewsWorld, he said that the most benign attackers are geeky youngsters who are learning technology by breaking it. “They would not be interested in monetary gain. This group of people love waking up others by turning on their smart light bulbs in the middle of the night, which they call pranking.”
The author cautioned that “they are not entirely innocuous and may cause damage or financial loss if they choose to toy with gadgets that are linked to your digital marketplace accounts.”
Continuing, he said, “another kind of attacker may be likened to a prowler, who walks about checking on unlocked doors in a neighbourhood.” “In a ‘drive-by compromise,’ they are seeking for financial advantages and will take advantage of any opportunities that present themselves.”
According to him, “the most heinous perpetrators” are child abusers and paedophiles who “hijack” cameras and internet-connected toys to carry out their crimes.
He said, “Finally, for a small number of high-profile targets, smart gadgets may be only one of the assault channels that adversaries use to gather information and infiltrate their life.”
According to Wright, smart home gadgets are often targeted by hackers because of the ease with which the assaults may be executed.
Despite this, he claims that many gadgets are still being delivered from the manufacturer with insufficient security measures in place, such as security codes to access the device that are 1234 or 0000.
Protect Yourself as a Consumer
Buyers of smart home devices, according to Wright, are concerned about security. Using the results of a 2020 IDC poll, he said that 71.4 per cent of smart home customers were at least somewhat worried about the security of their devices and data.
In his remarks, he pointed out that the top security concerns raised by survey participants were unauthorised control of devices, identity theft, and the recording of conversations. A smaller number of customers were worried about their purchasing patterns being revealed.
Sotnikov provides the following recommendations for customers who wish to safeguard their smart home equipment from hackers:
When you get a new device, always update the default password or create a password if the device is not secured out of the box, if it is not protected already.
Other security settings should be checked, and they should be hardened if necessary. These may vary depending on the gadget in question. Options such as turning off a voice assistant’s mic when you are not using it, restricting access to your contact book and setting extra security for online transactions are among those available.
Make sure that the option that allows you to download and instal security patches is enabled if the device maker offers such updates. Hackers may use unpatched vulnerabilities to get access to your system in the shortest amount of time.
You should consider segmenting your home network so that someone who hacks your smart fridge and lightbulbs does not have access to your PC and personal or professional IT systems.