More smart home tech hacks are leaving Australian homes exposed, cyber security experts warn
‘Smart’ home products from connected lights to internet doorbells are under increased scrutiny after a series of security problems left households exposed.
Consumer Issues
Don't miss out on the headlines from Consumer Issues. Followed categories will be added to My News.
Exclusive: The biggest security threat in your home could come from your ‘smart’ garage door, connected lights or internet-savvy doorbell this year, online safety experts have warned, after a series of new flaws were uncovered in smart devices.
And Bitdefender senior e-threat analyst Bogdan Botezatu told News Corp most smart home adopters had little idea how vulnerable they really were, or how a bug in a seemingly benign product could lead to real-world burglary or compromised bank accounts.
The warning comes as research shows more than half of all Australian households already use at least one smart home device, and they will use an average of 37 internet-connected devices within just three years.
One of the best known smart home devices, Philips Hue lighting, became the latest Internet of Things device to expose users to attack on Friday after Check Point Security revealed that hackers could exploit the technology from up to 100m away using nothing but a laptop and an antenna.
The flaw, which allowed hackers to access a home’s wi-fi network and plant malware, has now been patched, but Check Point cyber research head Yaniv Balmas said it showed how “even the most mundane, seemingly ‘dumb’ devices such as light bulbs can be exploited by hackers and used to take over networks”.
It comes after McAfee exposed serious security flaws with a smart garage door opening system that could allow hackers to gain entry and, perhaps more worryingly, a way to break into McLear smart door locks.
McAfee spokeswoman Alex Merton-McCann said the security flaws should be a wake-up call for tech buyers who often install gadgets first and ask questions later, if at all.
“Because, as a society, a lot of us are so incredibly time poor and busy, if there is a device that can make our life easier, we consider it,” she said.
“Buyers think about the benefits but they don’t think about the risks.
“These stories give us an indication of what is ahead for us and warn consumers that they need to be careful.”
Mr Botezatu, who helped discover a flaw in Amazon’s Ring doorbells, said users often had no idea “what these devices can expose, what information they pass to the cloud,” or how “bad actors” could exploit them.
A flawed connected doorbell, he said, could be used to gain access to every device connected to a home network or send unsuspecting users to a fake banking platform.
“We’re slowly connecting so many everyday appliances to the internet, from smoke detectors and door locks to ovens that can be used to burn down your home,” he said.
“This is just the start of a new trend that could be really risky. We’re increasing the cost of an attack.”
Despite the warning, Telsyte research showed the Australian market for smart home devices would be worth $5.3 billion by 2023, with an average of 37 smart devices connected to the internet.
Mr Botezatu recommended smart home tech users regularly checked for and installed software updates for devices, and employed security software on their routers that could help protect against attacks.
Ms Merton-McCann said consumers should also ensure they didn’t reuse passwords across multiple devices that could be used against them, and changed any passwords that had been set by default.
“These stories are a really good opportunity for Aussies to heed the warnings,” she said.
“Get your cyber hygiene up to scratch and make sure this is part of what you do as a family.”
5 SMART HOME DEVICES WITH HIDDEN RISKS
Ring Doorbell Pro: A serious security problem with the Amazon-owned smart doorbell, discovered by Bitdefender, could allow hackers to gain access to a home’s entire wi-fi network. It’s been partially fixed.
Belkin WeMo: Security holes have been discovered in the internet-connected light switches over the past two years, including a remote code execution problem that could let hackers take over other devices on the network.
Chamberlain MyQ Hub: This remote garage door-opening platform could be jammed by radiofrequency signals, creating an error and allowing thieves into homes.
McLear NFC Ring: The virtual ‘key’ for this smart door-locking system could be cloned, McAfee discovered, allowing attackers to unlock a user’s home.
CloudPets: Stuffed toys designed deliver parents’ voice messages were hacked, exposing more than 2 million messages and the details of 800,000 customers. Hackers also discovered they could send messages to the toys.