By Catherine Powell
Technology is a two-edged sword. What we consider a convenience on one hand can just as easily be turned against us the next. Take smart-home techology. Some people use the Internet of Things to do everything from keeping an eye on their property while they're away, to locking and unlocking the front door when they get home. Many also use IoT to tell them when it's time to do the laundry, turn on and off lights, or buy milk. While these space age conveniences can make life simpler, the bad news is that it can also simplify high tech thieves lives when it comes to robbing homeowners blind. Below are ten ways a smart-home can get hacked.
#1: Eye See You - Who needs to case a home when all a hacker has to do nowadays is take control of your home surveillance systems, smart TVs, or nannycams? The same devices many early adopters are using to keep an eye on their property can be used to keep an eye on them as well. What's worse is that it doesn't take all that much knowhow to crack most IoT devices because most manufacturers spend little time and money securing them. Some systems are so easy to crack that the hackers set up websites where they charge viewers to see the live footage of hacked domeciles. Others use the same feeds to determine when homeowners are away to break in and rifle their homes for valuables.
#2: Rats, you've been hacked! - Random Access Trojan attacks, more commonly known as ratting, can give hackers access to your laptop camera and microphone allowing them to eavesdrop on you or even capture illicit images or video that they can later use to blackmail you. It can also provide them with access to any other networked smart device in your home. Originally designed to allow IT professionals to remotely access systems they were authorized to manage, these same programs in the hands of hackers have allowed them to post surreptitiously obtained photos and videos of celebrities in compromising situations. The easiest way for a hacker to introduce a RAT is to craft a phishing email that makes the recipient all too happy to click on a link that they think has come from someone they either know or trust. Once ratted, any device will be under the control of a hacker.
#3: Are you in a jam? - So what if your home is equipped with wireless motion detectors, surveillance cameras, and window/door alarms. For as little as $40 a thief can purchase a WiFi jammer that makes all of these devices useless. That's because all of your wireless devices can't sound the alarm without WiFi. According to a recent
blog by cybernews.com, "
After a series of robberies in Edina, Minneapolis, police suspect that burglars are using WiFi jammers to block off security system signals such as wireless security cameras, KARE 11, the local television station has reported. The jammers can also disable door, window, and motion sensors. Edina police believe that the suspects aren’t choosing houses at random –they’re researching carefully prior to burglarizing them. The suspects are stealing jewelry, safes, and high-end merchandise."
#4: How smart are Smart locks? - Face it, if you can use your smartphone to lock and unlock your front door, what makes you think a hacker can't find a way to do the same thing? Everything from recording and replaying the signal you use to get into your home, to brute forcing the PIN number or password are a couple of ways that hackers can use to outsmart smart locks. Another popular way to pop a smart lock is called
fuzzing, which entails using a black box software tester to trick the lock into entering an error state.
#5: Are your appliances an accomplice to crime? - Believe it or not, tech-savvy crooks don't have to crack your security system to break into your home. All they have to do is breach the security of any web-enabled appliance in your home. From there, it's child's play to gain access to your router to determine what other devices are connected to your home. Cracking one device can quickly lead to a hacker gaining entry to every device on your home network.
#6: Did you recently sell that old laptop, tablet, or smartphone? - Before you sell any computer, smart device, or smartphone you need to have the hard drive professionally sanitized. That's because hackers can use data recovery tools to get at sensitive data you have erased. While the delete key can be a handy way to free up space, it doesn't really delete anything. All it does is remove the user's access to it. The data is still on the device and there are numerous software packages designed to retrieve things like credit card numbers, banking information, deleted photos, videos, and more.
#7: Are you feeling blue? - Bluebugging and bluejacking are other ways that hackers can wrestle control of a device from you. Bluejacking exploits Bluetooth to send unsolicited messages or data to a smart devices without the user being aware of it. Bluebugging allows hackers to take control of a device by exploiting Bluetooth vulnerabilities. A smartphone that has been bluebugged can be commanded to make calls without the owner's knowledge.
#8: What's wrong with WiFi? - It isn't all that difficult to hack WiFi passwords. In fact there are numerous blogs and online videos that show viewers how to crack WiFi passwords in 2-minutes or less. While gaining access to your home's WiFi router may enable a neighbor to surf the web for free, it could also allow a hacker to gain access to every WiFi enabled device in your home.
#9: Is cracking your smart home's security child's play? - It can be if you have children. Hackers for years have trolled the Internet to not only learn potential victim's vulnerabilities, they've been known to specifically target children. The reason they do this is obvious. While you may have learned what messages to respond to and reject, what are the odds that your child has the knowledge and experience to know when an email or text message has been crafted by a hacker to gain access to their computer , smartwatch, or smartphone?
#10: Is your home a smorgasbord for hackers? - Like it or not, the more smart devices you have in your home, the more ways there are for hackers to gain access to it and everything stored on them. Did you know that smartlights can be used to steal data from other devices on the network? Did you realize that smart assistants like Echo, Siri, or other voice-controlled devices can be used by cybercriminals to issue commands to other connected devices using sound that is undetectable to the human ear?
What can you do to secure your smart home? Let me count the ways:
- First and foremost, you need to secure your WiFi network. That means changing the default SSID, since some networks are either unsecured or use a password like 'admin' to gain entry.
- Consider having an IT pro compartmentalize your home network so the many smart devices that run through it aren't all accessible under the same account. If you don't want to do this, at least take the time to create a guest account on your router so you can assign all your smart devices to this in order to protect other data contained on your home network.
- Set up and use network monitoring software that shows you who is using your home network.
- Make sure all your device passwords are at least 12 characters long, including numbers and special characters like #. For goodness sakes, never use the same password for all your smart devices.
- Enable two-step authentication to further secure your network against hackers. This way even if hackers should guess a password they'll have another stumbling block in their way.
- Make sure all your networked software is up to date.
- If your router is more than 5-years-old, it's time to replace it. Old routers contain aging security protocols.
Catherine Powell is the owner of A Plus All Florida, Insurance in Orange Park, Florida. To find out more ways to save on flood insurance, check out her website at http://aplusallfloridainsuranceinc.com/
It seems to me that having too many smart devices isn't so smart after all.
ReplyDeleteThere are billions of smartphone user but how many know about these threats to there security? Thanks for the great info.
ReplyDelete