Off-the-shelf smart home devices are a lot less safe than you think, report says

It’s not just computers that get hacked these days — researchers from Israel’s Ben-Gurion University of the Negreb are sounding the alarm on fundamental vulnerabilities in smart home devices. A new report in the journal Smart Card Research and Advanced Applications by school’s team at the Implementation Security and Side-Channel Attacks Lab found that it’s startlingly easy to uncover serious security risks in devices like baby monitors, home security cameras, doorbells, smart locks, and thermostats.

The researchers examined 16 off-the-shelf smart home gizmos to see if they could crack them. Out of these 16 devices, they were able to find the password for 14 of them while the majority of the devices were able to be accessed within 30 minutes and attached to a botnet. They originally set out to disassemble the devices and reverse-engineer them before they discovered that the easiest method was simply to track down the default factory-set passwords.

The majority of products in the smart home market come with common, easy-to-guess default passwords that many consumers never change, opting for convenience over safety. The researchers concluded that for many manufacturers, getting smart products to market at an affordable price is more important than securing them properly.

“It only took 30 minutes to find passwords for most of the devices, and some of them were found only through a Google search of the brand,” said Omer Shwartz, one of the researchers on the project. “Once hackers can access an Internet of Things (IoT) device, like a camera, they can create an entire network of these camera models controlled separately.”

Using the devices in their laboratory, the researchers were able to play loud music through a baby monitor, turn off thermostats and other devices and turn on cameras remotely. The security implications of this study are, or should be, of great concern to the massive number of people using IoT devices without implementing better security protocols.

“You only need physical access once,” said Dr. Yossi Oren, who heads up the cybersecurity lab. “Once you buy one copy of a make and model of a camera and you attack it in your lab, you get information which will allow you to attack this make and model anywhere remotely,” he said.

In addition to uncovering these security faults, the researchers also put together a number of tips to keep smart home devices, families ,and businesses more secure. Their protocols include:

  1. Buy IoT devices only from reputable manufacturers and vendors.
  2. Avoid used IoT devices. They could already have malware installed.
  3. Research each device online to determine if it has a default password and, if so, change it before installing.
  4. Use strong passwords with a minimum of 16 letters. These are hard to crack.
  5. Multiple devices shouldn’t share the same passwords.
  6. Update software regularly.
  7. Carefully consider the benefits and risks of connecting a device to the internet.

“The increase in IoT technology popularity holds many benefits, but this surge of new, innovative, and cheap devices reveals complex security and privacy challenges,” said researcher Yael Mathov. “We hope our findings will hold manufacturers more accountable and help alert both manufacturers and consumers to the dangers inherent in the widespread use of unsecured IoT devices.”

Previous research by the Ben-Gurion University cybersecurity team has included cracking the debug port on certain IoT cameras, applying a new innovative firewall to Android phones, uncovering a unique hacking technique known as ” air-gapping,” and finding a way to transform headphones into microphones.

Emerging Tech

Awesome Tech You Can’t Buy Yet: Folding canoes and ultra-fast water filters

Check out our roundup of the best new crowdfunding projects and product announcements that hit the web this week. You may not be able to buy this stuff yet, but it sure is fun to gawk!
Smart Home

Google Store sale is on now through December 24!

Black Friday and Cyber Monday 2018 may be history, but fans of Google hardware including the popular Google Home Hub, Pixel 3 and 3XL mobile phones still have lots of deals in store -- the Google Store, that is.
Smart Home

Man claims hacker talked to him through his Nest security camera

An Arizona man claims a white hat hacker was able to communicate with him through a hacked Nest Cam IQ internet-connected security camera and warn him about a vulnerability in the device.
Deals

Save money and control your home’s temperature with these smart thermostat deals

With the winter season in full blast, there's no better time to save money with a smart home thermostat. We found the best deals available on smart home thermostats. Control your home's heating via smartphone or voice assistants.
Smart Home

Put away that sponge and let us help you pick the best dishwasher for your buck

Tired of doing dishes by hand? Take a look at our picks of the four best dishwashers currently available and let a machine do the dirty work for you. They’ll do a much better job, anyway.
Smart Home

Porch pirate problems? Keep them away with these tips and tricks

The holiday season is fast approaching and the packages are arriving on our doorsteps. Are you worried about porch pirates stealing your gifts this holiday season? Here are some tips to help protect your purchases.
Deals

Walmart is offering Google Home starter kits for under $50

If you're hoping to save big on Google Home devices before all the holiday deals come to an end, there's no better time than right now. Walmart is slashing prices on smart home starter kits for a limited time.
Cars

This freewheeling Army truck-turned-tiny home is a labor of love

Most tiny homes are models of efficiency but one British metal worker has redefined the idea, converting an old Army truck into a mobile tiny home that comes with a bed, a sofa, a shower, and a beer garden.
Deals

Clean up with robot vac, upright vacuum, and spot and stain remover deals

Whether you're gift shopping or need to get your house ready for the holidays, deals on household cleaning appliances are always welcome. We found Walmart's best deals on robot vacs, upright vacuum cleaners, and spot and stain cleaners.
Smart Home

Amazon Alexa enhancements add geolocation, kids’ Routines, and more

Amazon's digital assistant Alexa continues to evolve and its newest features should appeal to busy people and parents on the go, including location-based routines and reminders as well as Routines aimed toward kids.
Smart Home

How to talk to Santa on Alexa and Google Assistant

Nothing say "holiday" like talking to Santa. Here's how to talk to Santa on Alexa and Google Assistant, whether he's helping you create a playlist or checking to see if you've been naughty or nice this week.
Smart Home

Tired of running outdoors? Check out the best treadmills of 2018

Running can burn up to 900 calories per hour, melting away fat and strengthening your muscles.  Compared to running outdoors, you're safer staying indoors on a cushioned track. We've rounded up the best treadmills on the market
Deals

Breathe easy, stay warm with Amazon’s one-day deal on a Dyson air purifier fan

Dyson is a leader in bringing consumers the latest in heating, cooling, and air purification. Its Pure Hot + Cool Link HP02 does all three — and for today only, it’s on sale on Amazon for $359. That’s $241 off the suggested retail…
Smart Home

LG is rolling out the barrels at CES 2019 with a craft beer machine

Looking to get into the beer making game? With the help of LG, you can become a brewmaster at home. The electronics maker is rolling out the LG HomeBrew, an at-home beer making machine at CES 2019.