Researchers Find Smart Devices Ripe for Hacker Attacks

Thousands of hacker attacks were launched on a network of smart home devices designed by researchers to assess the risk the gadgets pose to consumers.

During the initial week the "honeypot" network was online, 1,017 unique scans or hacking attempts were directed at the devices on the net, which included smart TVs, printers, wireless security cameras and Wi-Fi kettles, according to researchers at the NCC Group, Which? and the Global Cyber Alliance.

The attacks continued to grow, reaching 12,807 during a subsequent week, with 2,435 of those attempts to log into a device with a weak default username and password.

Most of the devices in the "hackable home" environment were able to prevent attacks through basic security protections, although this doesn't mean they'll never be at risk, the researchers explained in a statement.

The most concerning issue we found, though, they continued, was a connected camera which had a weak default password, which allowed a suspected hacker to gain access to the camera stream. However, the camera lens was taped over.

"Most of these attacks are automated," observed Matt Lewis, an analyst with the NCC Group, a cybersecurity company in the UK.

"They don't know what they're targeting," he told TechNewsWorld. "They just know how to access a service and try some common weak user name and password pairings."

"The one that stood out to us was user name admin and password admin, which is a common configuration for a lot of devices," he added.

Hacker Magnets-

Ilia Sotnikov, a security strategist and vice president of user experience at Netwrix, a visibility and governance platform maker in Irvine, Calif. noted that several types of hackers are attracted to smart home devices.

"The most benign attackers are geeky kids learning technology by breaking it," he told TechNewsWorld. "They would not look for financial gain. They are pranksters that enjoy waking someone by turning on their smart light bulbs in the middle of the night."

"They are not completely harmless though and can cause damage or money loss, if they decide to play with devices connected to your digital marketplace accounts," he said.

"Another type of attacker can be compared to a prowler, checking on unlocked doors in a neighborhood," he continued. "In a 'drive-by compromise' they are looking for financial gains and will exploit what they can."

"Probably the most abominable attackers are child abusers and pedophiles, hijacking cameras and internet-connected toys," he maintained.

"Finally," he added, "for a very few high-profile targets, smart devices can be just one of the attack vectors that allow adversaries to collect intelligence and break into their lives."

Smart home devices are attacked by hackers in many cases because the attacks are easy to do, noted Wright.

"Many devices are still being shipped from the factory with inadequate security protections in place, such as security codes to access the device being 1234 or 0000," he said.

Consumer Protect Thyself

Wright added that security is important to smart home device buyers. He cited a 2020 IDC survey that found 71.4 percent of smart home users were at least somewhat concerned about device and data security.

He noted that leading security concerns of the survey's respondents focused on unauthorized control of devices, identity theft and conversations being recorded. Fewer consumers were concerned about purchase habits being discovered.

For consumers who want to protect their smart home devices from hackers, Sotnikov offers these tips:

• When you get a new device, always change the default password or set the password, if it's not protected, out of the box.

• Check other security settings and consider hardening them. These will depend on the type of device. They include options such as turn off the mic on a voice assistant when you don't use it, disable access to your address lists, set additional protection for online purchases and turn on additional confirmation or notifications.

• Make sure to enable the setting to download and install security patches, if the device manufacturer provides them. Unpatched vulnerabilities can provide hackers the quickest way to get into your system.

• Consider segmenting your home network so that someone hacking the smart fridge and lightbulbs cannot jump over to your PC and gain access to your personal or work IT systems.