Why smart home products risk cyber attacks, security threat for families
They’re meant to make our lives easier but an increasing number of smart home gadgets are ‘giving hackers a door’ into Aussie homes due to lax security, software flaws, and poor use. MULTIMEDIA SPECIAL
True Crime
Don't miss out on the headlines from True Crime. Followed categories will be added to My News.
Security flaws in everything from connected light bulbs to smart fridges, door locks and washing machines are putting the privacy of Australians at risk, experts warned, after a new series of dangerous vulnerabilities were discovered during the coronavirus pandemic.
Researchers have unearthed technical problems in “hundreds of millions of devices” in recent weeks, leaving homes open to attacks, as well as critical problems with the Wi-Fi routers that connect them to the internet.
And security professionals say Australians are failing to take basic precautions when installing smart devices, in a trend akin to “giving hackers a door into your entire house” during a time of heightened security fears.
Among the new threats, Israeli security agency JSOF found 19 networking problems dubbed Ripple20 affecting “millions” of products from big brands including HP, Samsung, Phillips and Intel, and ESET discovered vulnerabilities in three smart home hubs, including a model from Fibaro sold in Australia.
Video from unsecured Australian security cameras also showed up on a Russia-based website last month, and it followed security problems in an iBaby monitor, smart garage door platform, connected light bulbs, a video doorbell, and keyless locks.
McAfee cyber security spokeswoman Alex Merton-McCann said Australians were “more at risk than ever” from smart home security problems with now many people were working from home, in lockdown, and facing the threat of growing cyber attacks from well-resourced, foreign actors.
“I hope the big cyber attacks happening in Australia at the moment will provide everyone with a bit of a wake-up call about what they need to do in their own patch,” she said.
“We need to realise if we are going to have connected devices, we need to be proactive (with security) and take this stuff seriously because it can have catastrophic effects.”
CEDIA is a home technology trade organisation and consultant Paul Skelton said he had already heard a growing number of “horror stories” related to the use of smart home products in Australia, with more consumers buying do-it-yourself smart home gear, failing to change default settings or set new passwords, and learning about security risks the hard way.
“Realistically, if (unprotected devices) are connected to your network, you’re giving hackers a door into your entire house,” he said.
“It can be just as devastating to have people break into your files, your photos, your network.”
Bitdefender senior e-threat analyst Liviu Arsene said the company recently witnessed successful attacks on Wi-Fi routers that had changed users’ settings and redirected legitimate web addresses to sites with malware pretending to be from the World Health Organisation. Some users only recognised it was a trick when their antivirus software prevented them from installing the program.
“(Internet of things) device are good, smart devices are amazing but they come with risks, especially in the context of cyber warfare and espionage,” Mr Arsene said. “We’ve seen a lot of state-sponsored groups now focus on popular platforms.”
Despite the emerging risks, research firm Telsyte estimates Australian households will have more than 30 devices connected to the internet by 2022, driven by connected lights, cameras, plugs, “and other smart appliances such as speakers”.
Dr Vincent Candrawinata, founder of health firm Renovatio, said he did plenty of research before setting up his Sydney home with smart devices controlling everything from the airconditioning to music played throughout different rooms.
His smart home gadgets include connected cameras, a video doorbell, Google smart speakers, door sensors, and even an internet-connected control for his garage door.
“It’s mostly for peace of mind but if you go away on holidays, or a weekend trip, you want to leave your house knowing its secure and if something happens you know,” he said. “It’s not just about criminal activity, but leaks or windows blowing open.”
But Dr Candrawinata said he used a spreadsheet of complex passwords changed at random intervals to protect his house, and only chose products from known brands for critical tasks to protect his privacy and property.
Calamity cyber security expert Daniel Lewkovitz said potential buyers should avoid cheap, no-name products in stores and online, should regularly check all connected appliances for software patches, and make the hard decision to throw devices out or disconnect them if they were no longer being supported by manufacturers.
“With the advent of the internet fridge, we’re going from having a device that is expected to last for 10 to 20 years to having a device that will probably be out of date in six months,” he said. “These things can be plugged in and forgotten about. The forgotten relics will become the asbestos of the internet.”
Originally published as Why smart home products risk cyber attacks, security threat for families