Thinking of buying a smart device? To protect your safety, ask yourself these five questions
Homes are getting smarter: smart thermostats manage our heating, while smart refrigerators can monitor our food consumption and help us order our groceries. Some homes even have smart doorbells that let us know who is at our door. And of course, smart TVs allow us to stream the content we want to watch, when we want to watch it.
While this all sounds very futuristic, a recent survey tells us that 23% of people in Western Europe and 42% of people in the United States use smart devices at home.
If a compromised smart device has a camera or microphone, an attacker can access it and all data on the device can be read, viewed, copied, modified or erased. The compromised smart device may start watching your network traffic, trying to find your usernames, passwords, and financial data. It may appear to take control of other smart devices you own.
For example, an attacker could adjust the temperature of a smart thermostat, making the house too hot, and demand a ransom payment to allow you to regain control of your central heating. Alternatively, an intelligent CCTV system can be taken over and the data monitored by an attacker or deleted after a break-in.
Smart devices can also attack other systems. Your smart device may be part of a “botnet” (a network of compromised smart devices under the control of a single person). Once compromised, it will search for other smart devices to infect and recruit into the botnet.
The most common form of botnet attack is called a Distributed Denial of Service (DDoS) attack. This is where the botnet sends hundreds of thousands of requests per second to a target website, preventing legitimate users from accessing it. In 2016, a botnet called Mirai temporarily blocked internet access for much of North America and parts of Europe.
In addition to DDoS attacks, your smart devices can be used to deliver ransomware, software that encrypts a computer so that it cannot be used until a ransom is paid. They may also be engaged in cryptomining (the “mining” of digital currencies that earns the attacker money) and financial crime.
Read more: It’s far too easy for abusers to exploit smart toys and trackers
There are two main ways to compromise a smart device. The first is through simple default credentials, where a smart device has a very basic username and password pre-installed, such as “admin” and “password”, and the user does not. has not changed.
The second is due to errors in the code of the smart device, which an attacker can use to gain access to the device. These errors (called vulnerabilities) can only be corrected by a security update released by the device manufacturer and known as a “patch”.
How to be smart AND safe
If you’re thinking about buying a new smart device, here are five questions to keep in mind that can help increase the security of your new device and your home. These questions can also help you ensure that the smart devices you already own are secure.
1. Do I really need a smart device?
Although Internet connectivity may be a convenience, is it really a requirement for you? Devices that don’t have a remote connection don’t pose a security risk, so you shouldn’t buy a smart device unless you really need your device to be smart.
2. Does the device have simple default credentials?
If so, this is a serious risk until you change the credentials. If you buy this device and the default username and password are easy to guess, you’ll need to change them to something only you will know. Otherwise, the device is highly vulnerable to being taken over by an attacker.
3. Can the device be updated?
If the device cannot be updated and a vulnerability is discovered, neither you nor the manufacturer will be able to prevent an attacker from getting hold of it. So always check with the seller that the device software can be updated. If you have a choice, you should choose a device with automatic updates, rather than one where you have to install updates manually.
If you already have devices that can’t be updated, consider removing their internet access (by disconnecting them from your wifi) or buying new ones.
4. How long has the manufacturer committed to supporting the device?
If the manufacturer stops releasing security updates, your device will be susceptible to compromise if a vulnerability is later discovered. You need to confirm with the seller that the device will be supported for at least as long as you plan to use it.
5. Does the manufacturer run a bug bounty program?
These are programs in which a company will pay a reward to anyone who identifies vulnerabilities in their code base. Not all companies operate them, but they suggest that the manufacturer takes the security of its products seriously. Details will be on the manufacturer’s website.
Read more: Smart speakers: Why sales are skyrocketing despite all our privacy fears
It is not easy to find out if your smart device has been hacked. But as long as your smart devices are supported by their manufacturers, update when needed, and have strong credentials, it won’t be easy for an attacker to gain access.
If you’re worried that your device has been hacked, perform a factory reset, change the username and password to something new and unique, and apply any available updates.