Unless you’re a public figure, the chances that cybercriminals are targeting you are slim to none or so you’d think. Sadly, the connected devices in your smart home make you fair game to attackers. Malicious individuals can take advantage of your unsecured Internet of Things (IoT) gadgets to enter your home network or turn them into bots to launch attacks against bigger targets.
A report says two out of five smart homes are vulnerable to IoT attacks. It also reveals that one out of three homes has at least one unprotected IoT appliance that puts their owners at risk.
What Happens When Your IoT Devices Are Vulnerable?
Not regularly updating or patching the software on IoT devices like smart TVs and security cameras allows cybercriminals to control them remotely.
Though not all may be used to spy on you, that can happen too. Attackers hack most IoT gadgets so they can intrude on your life. We have seen bad guys, for instance, hack billions of unprotected routers (these used default passwords) to take down targets’ servers with the now-infamous Mirai botnet.
Maybe it’s hard to imagine hackers using a smart toy or a baby monitor for attacks, but we have seen these happen. Snoopers can connect to these devices via Bluetooth, or breach the app used to control them to broadcast threats or play an audio file. In fact, the FBI warned about these incidents two years ago, telling consumers to keep their login credentials for IoT devices secure. They noted that hackers could use these devices to spy on targets in preparation for a grander scheme like identity theft or, worse, kidnapping.
Watch this video to learn more.
What Makes IoT Devices Hackable?
In the simplest terms, any gadget that can access the Internet, usually controlled via a smartphone, is an IoT device. Problems start because these devices typically use unsecured connections. Most people never take the time or even know it’s a good practice to change the default passwords on their routers, for example, which automatically leaves them open to attacks.
In addition, some IoT devices are not built with security in mind. Manufacturers often rush the production of low-cost products with weak security features to meet the market demand. Take inexpensive security cameras, for example. Most of them were mass-produced using the same replicable design. That means a security loophole in one device is likely to present in similar models.
These cheap devices also come with the same app that allows users to activate and control it. Unfortunately, the said apps do not encrypt connections. Encryption converts data, such as passwords and messages, into indecipherable formats to protect the users’ privacy. So, when people connect these hackable devices to the Internet, they end up broadcasting their Wi-Fi passwords over the network connection.
Which IoT Devices Are Easily Hijacked?
At the top of the list, you will often find:
- Smart printers: Researchers believe smart printers top the list of hackable IoT devices. They scanned 16 million smart devices worldwide and found that insufficiently secured smart printers were among the top 3 causes of IoT attacks in the U.S., Canada, Singapore, South Korea, and Japan. Brother smart printers, for instance, have been diagnosed with a bug that leaves them open for use in denial-of-service (DoS) attacks.
- Security cameras: These gadgets came second. Around half of them that are installed in smart homes do come cheap but have subpar security features. And this leaves homeowners vulnerable to spying, credential theft, and account hacking.
- Routers and NAS devices: Routers and network-attached storage (NAS) devices—large-capacity external hard drives that are connected to home networks to, say, watch movies on any connected TV—also prominently figure in IoT attacks. An assessment of routers and NAS drives revealed 125 vulnerabilities that make them easily hackable.
- Media boxes: Last but not least are media boxes (those devices you attach to your TVs so you can stream programs). Kodi boxes, for instance, pose a lot of privacy issues for users due to software vulnerabilities.
We have yet to see vulnerabilities vanish from new IoT product rollouts. So what can be done? For now, we should immediately install security patches as manufacturers release them. And because most attacks succeed due to password hacking, we need to use stronger passwords.