In a world that’s increasingly dependent on electronic devices, it’s no surprise that homeowners wouldn’t mind being surrounded by tools that make their lives a whole lot easier. And despite the fact that the national average cost of home automation systems is $1,045 (which doesn’t include the cost of additional smart devices or professional installations), that hasn’t changed the fact that Americans want their home’s devices to provide convenience and connectivity. But don’t forget: if it’s easy for you to use, it may also be easy for hackers to access.
The Internet of Things (or IoT) continues to grow in popularity, with experts projecting that some 20.4 billion IoT-linked products will be in use by 2020. That’s likely good news for the seven out of 10 American consumers who are apparently comfortable with having houses equipped with smart home products. In fact, 31% of consumers in a recent survey regarded smarthomes as extremely or very important to them, and 69% reported owning a smart product. Only 14% were totally uncomfortable with the idea of having smart gadgets in their homes.
But those 14% might actually be onto something. Although many of those devices might not directly harm us in a physical sense, considering they use anywhere from 110 to 250 volts of electricity to operate, smart devices can be dangerous in other ways. New research suggests that these devices are extremely vulnerable to cyber attacks — and if owners don’t take steps to protect the IoT gadgets connected to their network, their security could really be at risk.
First, it’s important to understand that because IoT devices are internet-connected, they’re only as impenetrable as your router or internet connection is. Although routers typically come with built-in protective firewalls, the default configurations of these settings can still be quite easy to hack. In other words, if someone knows the default username and password that are typically set for all routers of your same model, that person will likely be able to connect to your router remotely, disable the firewall, and essentially take over your devices. If you leave the default setting for the username and password as “admin” and “1234,” you could be in trouble. What’s more, many router manufacturers won’t even offer updates that can patch these vulnerabilities — and that’s assuming the end user would even know to run them in the first place.
A new report from F-Secure, a cyber security provider, backs up how substantial this threat really is. Not only have the number of threats and attacks increased in recent years, but these hackers still rely on these kinds of basic security weaknesses. The number of IoT threats analyzed by F-Secure Labs doubled during in 2018. In addition, 87% of all observed threats involved targeting default or weak login credentials, unpatched vulnerabilities, or both. Other research conducted by Sophos, a UK-based security company, found that IoT devices are exposed to 13 hacker login attempts every minute. The majority of those attempts included well-known passwords and username choices, like “admin,” “123456,” and “raspberry,” the default password for Raspian, the operating system of single-board computers known as Raspberry Pi. There were also numerous login attempts that utilized repetition and letter-number combinations in close proximity to each other on a standard keyboard.
Ultimately, these smart devices are only as intelligent as their manufacturers and their end users. You’ll need to be diligent about downloading firmware updates to ensure device security patches, when released, can fix vulnerabilities that let hackers find their way in. You’ll also need to use truly strong passwords for each device and ensure that they aren’t easy to guess (even with help from bots). Experts also recommend that you turn off the UPnP (Universal Plug and Play) setting on your home router, as this would allow devices to discover other devices on your network and share data. If a hacker is able to take advantage of the UPnP setting being switched on, who knows what kind of damage they could do.
There’s no doubt that digital assistants and smart appliances are in demand — or that they can improve your quality of life. But if you aren’t careful, it’s possible that a criminal could use them against you. Before you get too eager about making your home smarter, make sure to take the steps necessary to protect your personal information from prying eyes.