The increased use of connected devices in the home means the probability that your cameras watching for intruders or temperature control monitor can be hacked is mounting as consumers are not boosting the security of their networks.
Being too connected within your home can make you a victim of a cyber attack as the sale of smart-connected home devices continue to surge, because they are becoming more affordable and commonplace.
The number of connected devices is estimated to reach 4 billion in the consumer sector this year and is predicted to rise to 13.5 billion in 2020, according to Gartner, a Stamford, Conn.-based information technology research and advisory company. Smart devices now include household appliances such as refrigerators, washers and dryers along with light bulbs, cameras and sensors.
Large-scale attacks by hackers have not occurred yet since the operating systems are diverse, but as they become more ubiquitous, the likelihood will rise.
Fears of Big Brother or cyber criminals watching people in their homes due to internet-connected devices with vulnerable defaults or outdated software are not unfounded. Hackers who gain access into a live video feed and download it onto websites for people to pay for the footage already exist, said Michael Gregg, COO of Superior Solutions, a Houston-based cybersecurity firm. Here is a list of open insecure cameras.
Since average users often fail to understand the importance of patching, updating and securing home devices, they are making it easier for hackers to infiltrate the system, he said.
"Even if end users do patch these devices, what happens in a couple of years when the developer moves to a new version of the device and stops supporting the old equipment?" Gregg said. "End users are likely to keep such devices connected to their home network for years."
How to Combat Security Issues
Consumers need to be wary of the security of these devices and should refrain from skipping over implementing basic security such as passwords, he said. Many of the manufacturers of these devices focus on making them easy for average consumers to use instead of security.
"We performed a penetration test in Florida where we were able to activate the microphone on a smart TV to demonstrate to a client that we could listen in on board meetings," Gregg added.
Purchasing the most inexpensive item has its downfalls, because the security settings could be more lax, said Dan Lohrmann, chief security officer at Security Mentor, a Pacific Grove, Calif.-based security awareness training provider. Change the default password to a personal one that is not easily hacked and turn on all the available security and privacy controls.
"Consumers must make wise choices on the device purchases they make," he said. "Understand that the threats are real."
Determining what personal data is stored and where by the manufacturer is also important, especially if the device connects to a larger Internet of Things or IoT platform.
"Take extra care to ensure that the platform security controls are working properly and to the greatest extent possible," said Lohrmann. "If these devices are running on a home network, put them on a separate Wifi than any computers with sensitive data."
As a larger number of devices are connected to the internet, consumers need to be aware that this feature is becoming more ordinary.
"They connect that Ethernet cable to their TV, because it's an open port and their manual says they should and then immediately forget about it because they never wanted an internet-connected TV in the first place," said Michael Borohovski, co-founder of Tinfoil Security, a Silicon Valley cybersecurity firm specializing in web/mobile vulnerability detection and remediation.
The hacker could use that unknown attack vector to obtain access to their network and also their security cameras or baby monitors, he said.
"This leads them to the backup server, which gives them all of your personal photos and videos," Borohovski said. "Since the fridge is on the same network, you just ordered 8,000 pounds of butter."
The security of your WiFi is becoming even more critical, because the more devices you have connected with poor security, the odds of a hacker penetrating your home network becomes greater.
"It's a scary thought and people should be aware," he said.
Disconnecting devices which do not need to be connected can lower the opportunity for cyber criminals to gain entry.
"There's no reason for it to have internet connectivity 'just in case,'" Borohovski said. "If you do give it access, make sure to constantly check for any updates and apply them even if it's annoying and make sure to change all the default usernames, passwords. If you can set your home router to limit access from the outside to a single IP or set of IPs, that's even better."
Similar to companies who implement different networks for various types of content or users, consumers can also follow this strategy at home by using two different routers on separate channels, said Alex McGeorge, head of threat intelligence at Immunity, a Miami Beach, Fla.-based offensive security firm.
"Or you can use one router and separate the devices along the 2ghz/5ghz channels as long as the network IP spaces don't overlap," he said. "By doing this, most smart devices are then separated from your main WiFi network."