Off-the-shelf smart home devices are a lot less safe than you think, report says

It’s not just computers that get hacked these days — researchers from Israel’s Ben-Gurion University of the Negreb are sounding the alarm on fundamental vulnerabilities in smart home devices. A new report in the journal Smart Card Research and Advanced Applications by school’s team at the Implementation Security and Side-Channel Attacks Lab found that it’s startlingly easy to uncover serious security risks in devices like baby monitors, home security cameras, doorbells, smart locks, and thermostats.

The researchers examined 16 off-the-shelf smart home gizmos to see if they could crack them. Out of these 16 devices, they were able to find the password for 14 of them while the majority of the devices were able to be accessed within 30 minutes and attached to a botnet. They originally set out to disassemble the devices and reverse-engineer them before they discovered that the easiest method was simply to track down the default factory-set passwords.

The majority of products in the smart home market come with common, easy-to-guess default passwords that many consumers never change, opting for convenience over safety. The researchers concluded that for many manufacturers, getting smart products to market at an affordable price is more important than securing them properly.

“It only took 30 minutes to find passwords for most of the devices, and some of them were found only through a Google search of the brand,” said Omer Shwartz, one of the researchers on the project. “Once hackers can access an Internet of Things (IoT) device, like a camera, they can create an entire network of these camera models controlled separately.”

Using the devices in their laboratory, the researchers were able to play loud music through a baby monitor, turn off thermostats and other devices and turn on cameras remotely. The security implications of this study are, or should be, of great concern to the massive number of people using IoT devices without implementing better security protocols.

“You only need physical access once,” said Dr. Yossi Oren, who heads up the cybersecurity lab. “Once you buy one copy of a make and model of a camera and you attack it in your lab, you get information which will allow you to attack this make and model anywhere remotely,” he said.

In addition to uncovering these security faults, the researchers also put together a number of tips to keep smart home devices, families ,and businesses more secure. Their protocols include:

  1. Buy IoT devices only from reputable manufacturers and vendors.
  2. Avoid used IoT devices. They could already have malware installed.
  3. Research each device online to determine if it has a default password and, if so, change it before installing.
  4. Use strong passwords with a minimum of 16 letters. These are hard to crack.
  5. Multiple devices shouldn’t share the same passwords.
  6. Update software regularly.
  7. Carefully consider the benefits and risks of connecting a device to the internet.

“The increase in IoT technology popularity holds many benefits, but this surge of new, innovative, and cheap devices reveals complex security and privacy challenges,” said researcher Yael Mathov. “We hope our findings will hold manufacturers more accountable and help alert both manufacturers and consumers to the dangers inherent in the widespread use of unsecured IoT devices.”

Previous research by the Ben-Gurion University cybersecurity team has included cracking the debug port on certain IoT cameras, applying a new innovative firewall to Android phones, uncovering a unique hacking technique known as ” air-gapping,” and finding a way to transform headphones into microphones.

Smart Home

One in 10 smart home device owners report unresolved technical problems

According to a recent survey from Parks Associates, more than one in 10 consumers report they have experienced technical errors with their connected devices that have yet to be resolved.
Smart Home

Add some nature to your tech with Mui, a wood panel that’s also a smart display

Are you so immersed in technology that you long for a touch of nature in your home? You could get some potted plants -- or you could invest in Mui, a wood panel that is also an internet-connected smart display.
Deals

Save energy and money with a $45 discount on the Nest smart thermostat

If you were looking for a smart thermostat, Amazon is offering up to $45 in savings on the popular Nest Learning Thermostat. Use stainless steel thermostat to the keep your home warm and cozy this fall and save energy by scheduling the…
Smart Home

Keep an eye on your kingdom with the best home security cameras

When it comes to the best home security cameras, the choice often comes down to the one that simply knows how to stay out of your way. Here are some of our favorites, both indoor and outdoor.
Deals

Protect yourself from germs with a discounted GermGuardian air purifier

Cold and flu season has arrived, and with it, all those nasty germs. If you're looking to protect yourself from airborne illnesses, this deeply discounted air purifier can help reduce germs, mold spores, and viruses lurking in the air.
Smart Home

Put away that sponge and let us help you pick the best dishwasher for your buck

Tired of doing dishes by hand? Take a look at our picks of the four best dishwashers currently available and let a machine do the dirty work for you. They’ll do a much better job, anyway.
Emerging Tech

Awesome Tech You Can’t Buy Yet: A.I.-powered cat toys, wallets, food containers

Check out our roundup of the best new crowdfunding projects and product announcements that hit the web this week. You may not be able to buy this stuff yet, but it sure is fun to gawk!
Smart Home

The best treadmills of 2018

The exercise of running can burn up to 900 calories per hour, melting away fat and strengthening your muscles at the same time.  Compared to running outdoors, you're safer staying indoors on a cushioned track.
Smart Home

If you're not sipping beer while a robot mows your lawn, you're doing it wrong

Imagine watching your lawn being mowed by a robot while you sit on the porch drinking a beer. That’s life with Husqvarna’s line of electric Automowers, which takes the gas and the manpower out of one dreaded aspect of yard work.
Smart Home

The best washing machines make laundry day a little less of a chore

It takes a special kind of person to love doing laundry, but the right machine can help make this chore a little easier. Check out our picks for the best washing machines on the market right now.
Product Review

We never wanted a smart doorbell, until we met Nest Hello

You can answer your door while sitting on the couch with the Nest Hello smart doorbell, which brings vision, intelligence and convenience to your doorstep.
Emerging Tech

Flying food: Uber has set a target date to use drones for meal delivery

Uber is better known for transporting people around town, but it also has a growing meal-delivery business called UberEats. It currently uses drivers and cyclists to deliver the food, but also has plans to use drones.
Product Review

Simple and small, the Google Home Hub is your low-key smart screen

What’s small, simple, cute, and lacks a camera? The Google Home Hub is the latest smart display to hit the market. Powered by Google Assistant, there’s a lot to like about this device.
Smart Home

Reduce your risk of fire by cleaning your dryer vent. Here's how

Failure to clean the dryer vent is the leading cause of dryer fires. Using an inexpensive duct cleaning brush, you can clean your own dryer vent without hiring a professional. Here’s our step-by-step guide on how to clean a dryer vent.