HomeSMART VAULTGADGETSSmart Home Devices: "Most Of Them Don't Know The Risks"

Smart Home Devices: “Most Of Them Don’t Know The Risks”

Intelligent home devices pose a security risk. Not (only) because of their functions, but rather because they offer hackers a good target. We discussed why this is so and how you can better protect your devices with a cybersecurity expert.

In 2020, at least one innovative home application was on the way in 7.2 million households. It is estimated that by 2024 it will be as much as 13.2 million.

No question! Smart home devices such as voice assistants, intelligent loudspeakers or even security cameras are practical. But they also pose a significant security risk because they can be hacked easily.

We talked to a cybersecurity expert about why manufacturers and users are better responsible for protecting intelligent home devices and why an intelligent toothbrush can be an attractive target for hackers.

Intelligent Home Devices Particularly Attractive To Hackers

BASIC thinking: according to current investigations, 34 percent of cyber attacks on access data in intelligent home devices occur via empty input fields. This suggests that the yield is high, so many devices are probably not protected with passwords at all. Why are owners so negligent on the inside?

Most users have no idea what specific risks are associated with using smart home devices.

Usually, there is often a lack of knowledge about how the devices must be secured – i.e. that both a router and the smart home devices need a password to offer a certain level of protection.

Does That Mean That The Manufacturers Are Providing Insufficient Information Here?

Yes, exactly. It is actually because the users are not fully informed here. But also that not all manufacturers are doing enough to protect their devices. Car manufacturers are a good counterexample.

In What Way?

You don’t have to put in the brakes and airbags when buying a car first. You can rest assured that the automobile manufacturers will take responsibility for safety and that the users will be informed about their contribution to security and how they should behave accordingly.

Intelligent home devices would have to be offered by the manufacturers so that commissioning without a password is not possible at all. Furthermore, it must be ensured that the configuration of the smart home device can be carried out by the user simply, quickly and safely.

It’s About More Than Privacy

What Is The Risk If Intelligent Home Devices Are Hacked?

There are various dangers. One is, for example, that the privacy of the residents is violated. This happens when an unsecured video camera is hacked via the Internet, enabling attackers to gain insight into the living space.

This is not trivial because it violates the residents’ rights and opens up the possibility of planning a break-in because the attackers can see that no one is at home.

Hacking Of Intelligent Home Devices Affects Internet Structure

But Is There Another Underlying Problem Beyond That?

Yes. Hackers can misuse video cameras and other innovative home items such as printers, toothbrushes or coffee machines connected to the Internet for their purposes.

For example, a large number of these devices have already been used several times by attackers to merge them as a bot network to very successfully improve the overall infrastructure of the Internet with the help of a DDoS attack, which has an enormous impact of up to 1.5 terabits per second.

This makes the Internet very vulnerable, is no longer reliable and thus endangers digitization.

Can You Explain That In More Detail?

The abbreviation DDoS stands for Distributed Denial of Service. These are attacks by Internet activists: inside and usually compromised IT systems (botnets), which are used to paralyze selected target IT systems in a coordinated manner with a large load of special requests by exhausting the available resources.

There are botnets with many bots (compromised IT systems): a thousand, ten thousand or even a million. If an attacker can use 100,000 bots, each bot has 100 kilobits per second upstream (i.e. only a fraction of the available bandwidth), then the attacker could carry out a DDoS attack with ten gigabits.

A New Level Of Danger

What Is The Danger Of These Botnets?

Both networks have long been known as a threat to the availability of services on the Internet. IoT bot networks represent a new level of danger for the Internet’s infrastructure. In contrast to conventional bot networks, IoT bot networks mainly consist of compromised IoT devices.

IoT devices have the property of being permanently available online with good bandwidth without direct user control. As a result, once the IoT devices are under the supervision of a hacker, they are always ready for an attack with high available bandwidth.

For this reason, manufacturers should protect their customers and be aware of their responsibility to society and prevent attacks on the Internet infrastructure.

Smart Devices Too Easy To Hack

This Brings Us Back To Smart Home Devices Without Passwords

Right. The attackers search the Internet for IoT devices, test whether these are still configured to the manufacturer’s default password and then bring unsecured devices under their control (botnet).

Compared to the usual methods such as “social engineering” or “email poisoning”, this approach enables an enormous reduction in the effort since poorly secured intelligent home devices can be attacked directly.

How High Do You Rate The Risk That Something Like This Will Happen In Everyday Life?

As experienced over the past few years has shown, the risk of attack by smart home devices is very high. Therefore, my appeal to manufacturers and users is to do everything inside to ensure that smart home devices cannot be attacked.

Better Protection For Smart Home Devices In Everyday Life

What Tips Do You Have For Homeowners To Find Good Passwords?

The rules for passwords are not complicated.

  • Do not write down the password anywhere, and do not share it with anyone.
  • Only one person may know the password. Minimum length: ten places, better twelve places.
  • It would be best to use only lower and upper case letters in combination with numbers and special characters.
  • At first glance, the symbols used should appear to be a senseless combination.
  • Use a password for one service only, and the password should be changed at reasonable intervals.

Are There Other Ways Besides Passwords To Protect Smart Devices From Attacks?

Ideally, the smart home device should not be accessible via the Internet because then attackers have no way of accessing it inside.

But Don’t Many Smart Home Devices Require A Constant Internet Connection?

Most of the offers are run via an intelligent home cloud or digital assistants such as Alexa, who also carry out all activities on the Internet. To do this, the IoT devices must be addressed by the Internet.

But there are also solutions in which “management” can occur in the home, which means that the devices are not connected to the Internet.