Living in a smart-enabled home? It certainly has its benefits. Ordering household supplies at the touch of a button on the cupboard or washing machine; turning the heating up via your phone before you even arrive home; issuing smart keys to tradespeople to access your property whilst you’re at work. We can switch the lights or TV on remotely to make it look like we’re home after dark, and we can even see what’s going on in the house when we’re out using cloud cams.
Our lives certainly seem to be getting so much easier and, you would think, more safeguarded thanks to smart technology. But have you stopped to consider how secure all these WiFi connected devices actually are?
Even children’s toys are connected to the internet these days. But worryingly these, and household devices that are remotely controlled over the web, are actually laying homeowners wide open to serious risks including break-ins and spying.
Devices that are not adequately secured can open a home up to extremely shocking consequences. Often set with no password or a default, smart devices can provide a far too simple way for cyber criminals to obtain personal details from any web pages or apps that are not using secure encryption.
Kaspersky Lab’s Denis Makrushin has said, “Cyber-attacks conducted by seemingly harmless connected devices are no longer just the stuff of movies, or even of the future. They are a very real and current threat.
“As more devices have connectivity built-in, users urgently need to realise they must employ the same level of security for mobile phones and computers.”
The Mirror newspaper uncovered the calculating methods used by cyber criminals to acquire personal details. It also reported that whistleblowing website WikiLeaks has published documents which it claims revealed the range of hacking tools used by the CIA. These include techniques developed to transform everyday household gadgets such as smart TVs into spying devices.
The newspaper challenged First Base Technologies, the online security company used by financial institutions, supermarkets and the government to uncover holes in their online security systems. The response revealed major cause for concern.
On attempting to access a British Gas Hive Active Heating system controlled by a mobile app, the company’s (legal) hacker, Rob Shapland, was able to access the device with ease. Worryingly, he managed to obtain the owner’s home address and holiday dates.
Hackers start their in-road with a name. They then search for social media accounts. Then, through the ‘forgot my password link’ and internet searches, they can work out an email address. All they then need is a password, which hackers can find easily by searching previous data hacks databases. These are logs of illegally harvested data shared by hackers in secret parts of the web. Because most people use the same passwords for all their accounts, this method is usually effective in revealing login information.
Mr Shapland’s key message was that passwords should ALWAYS be varied across different accounts and devices, even for devices that do not store financial information. Just bear in mind how dangerous it would prove to reveal your holiday dates: it’s almost as risky as leaving your front door unlocked.
Rob Shapland demonstrated how hackers could well be spying on you without you knowing. According to the Mirror newspaper, 100,000 British devices are believed to be at risk in this way. Even security cameras, designed to safeguard your home, could be putting you in a perilous position.
Some smart cameras are designed to be accessed using an app. Hackers access them using the default password. And how do they know when a camera only has the default password set? By using a piece of software intended for security analysts, hackers can see which webcams in any local areas are using the default setting of no password.
The advice here from Mr Shapland: “If you need to be able to access your webcam while you’re not at home, make sure it asks you for a password. Don’t use anything that doesn’t allow you to set a password.”
It is reckoned that by 2020, there will be 212 billion connected Internet of Things devices.
Cyber-crime is estimated to net £34 billion per year, with six million people having become victims in just the past year alone. 1.4 million have reported computer virus attacks, and 650,000 email accounts and social media profiles have been compromised.
Hugh Simpson, security expert at Zyxel, says: “The more devices that integrate into the wireless network, the more risk and indeed the more that people know about you. So a balance between convenience and security is key.
“There are some basic practices that should be followed by everyone, from individual home users to the largest global enterprises. These include using strong different passwords, regularly checking for and installing software updates and implementing appropriate security software.”
Regular updates can prevent internet-connected devices falling prey to hackers and their continuously evolving attacks.
If you are in any way concerned over the security of your internet-connected devices whether at home or at work, why not seek the tailored advice of our experts here at IQ in IT?