Off-the-shelf smart home devices are a lot less safe than you think, report says

It’s not just computers that get hacked these days — researchers from Israel’s Ben-Gurion University of the Negreb are sounding the alarm on fundamental vulnerabilities in smart home devices. A new report in the journal Smart Card Research and Advanced Applications by school’s team at the Implementation Security and Side-Channel Attacks Lab found that it’s startlingly easy to uncover serious security risks in devices like baby monitors, home security cameras, doorbells, smart locks, and thermostats.

The researchers examined 16 off-the-shelf smart home gizmos to see if they could crack them. Out of these 16 devices, they were able to find the password for 14 of them while the majority of the devices were able to be accessed within 30 minutes and attached to a botnet. They originally set out to disassemble the devices and reverse-engineer them before they discovered that the easiest method was simply to track down the default factory-set passwords.

The majority of products in the smart home market come with common, easy-to-guess default passwords that many consumers never change, opting for convenience over safety. The researchers concluded that for many manufacturers, getting smart products to market at an affordable price is more important than securing them properly.

“It only took 30 minutes to find passwords for most of the devices, and some of them were found only through a Google search of the brand,” said Omer Shwartz, one of the researchers on the project. “Once hackers can access an Internet of Things (IoT) device, like a camera, they can create an entire network of these camera models controlled separately.”

Using the devices in their laboratory, the researchers were able to play loud music through a baby monitor, turn off thermostats and other devices and turn on cameras remotely. The security implications of this study are, or should be, of great concern to the massive number of people using IoT devices without implementing better security protocols.

“You only need physical access once,” said Dr. Yossi Oren, who heads up the cybersecurity lab. “Once you buy one copy of a make and model of a camera and you attack it in your lab, you get information which will allow you to attack this make and model anywhere remotely,” he said.

In addition to uncovering these security faults, the researchers also put together a number of tips to keep smart home devices, families ,and businesses more secure. Their protocols include:

  1. Buy IoT devices only from reputable manufacturers and vendors.
  2. Avoid used IoT devices. They could already have malware installed.
  3. Research each device online to determine if it has a default password and, if so, change it before installing.
  4. Use strong passwords with a minimum of 16 letters. These are hard to crack.
  5. Multiple devices shouldn’t share the same passwords.
  6. Update software regularly.
  7. Carefully consider the benefits and risks of connecting a device to the internet.

“The increase in IoT technology popularity holds many benefits, but this surge of new, innovative, and cheap devices reveals complex security and privacy challenges,” said researcher Yael Mathov. “We hope our findings will hold manufacturers more accountable and help alert both manufacturers and consumers to the dangers inherent in the widespread use of unsecured IoT devices.”

Previous research by the Ben-Gurion University cybersecurity team has included cracking the debug port on certain IoT cameras, applying a new innovative firewall to Android phones, uncovering a unique hacking technique known as ” air-gapping,” and finding a way to transform headphones into microphones.

Mobile

Think iPhones can’t get viruses? Our expert explains why it could happen

If your iPhone has been acting strangely, then you may be concerned about the possibility it is infected with a virus or some malware. We take a look at just how likely that is and explain why iOS is considered relatively safe.
Smart Home

Viral porch pirate videos freak people out, cause unrealistic concern

Viral porch pirate videos convince others crime is more prevalent than facts indicate. According to polls, even though FBI reports show property crime rates are at historic lows, more people worry about crime today than ever before.
Computing

After fourth attack, hacker puts personal records of 26M people up for sale

A serial hacker going by the name of Gnosticplayers is selling the personal data of 26 million people who have been using the services of six different companies from across the world.
Mobile

How to use Samsung's Bixby assistant for all of your smartphone tasks

Samsung Bixby is a powerful tool, but not the most intuitive one we've encountered. Here's how to set up and use every feature of Samsung's digital assistant, as well as what to expect in the future.
Smart Home

Ikea isn’t throwing shade with the delayed release of its smart blinds

Ikea planned to release is Tradfri-compatible smart blinds in April 2019, but the products have been delayed until later in the year for a firmware update that promises better functionality.
Smart Home

Whatever happened to those dumb smart products we wrote about in 2017?

A smart salt dispenser? As manufacturers rush to get the next new smart item out there, we wonder if all these new inventions are really necessary. Here’s a list of 10 of the quirkiest home smart gadgets available, and where they are now.
Emerging Tech

Awesome Tech You Can’t Buy Yet: Write music with your voice, make homemade cheese

Check out our roundup of the best new crowdfunding projects and product announcements that hit the web this week. You may not be able to buy this stuff yet, but it sure is fun to gawk!
Smart Home

Lutron’s Fan Control makes ceiling fans smart, but has some turnoffs

Lutron recently came out with a smart switch that controls ceiling fans, the Lutron Caseta Fan Speed Control Switch. How does it stack up? Here's a first-hand review of the Lutron Fan Control switch.
Cars

Amazon and Kia team up to simplify EV home-charging station installs

Kia Motors announced a new program with Amazon for electric vehicles. Customers planning to purchase a new Kia EV or PHEV can check out recommended Level 2 240-volt home charging stations and arrange installation in their homes.
Smart Home

Traeger’s latest wood-pellet grills are smoky, smart, and spacious

Traeger is famous in the world of barbecue and heavy-duty grills for its signature pellet grills and now the company is expanding this year by adding three new brands of redesigned
Smart Home

The five best teeth-whitening kits you can buy on Amazon

Teeth whitening can have a major impact on a person’s smile and overall appearance. You don't necessarily have to go to the dentist to get your teeth whitened though. Here are the best teeth-whitening kits you can buy.
Smart Home

Is your Keurig making gross coffee? Might be time for a cleaning

No one likes a dirty, scaled, or smelly Keurig, but how are you supposed to clean them? Before you throw yours out the window, here is a quick guide on cleaning your machine out thoroughly.
Smart Home

Which is better, the original Echo or the Echo Dot? We compare them

Amazon Echo vs. Dot: Having Alexa answer your questions is nothing short of futuristic, but which device should you get? There are some big differences between the two, especially in size, sound, and cost.
Product Review

Gate’s Smart Lock is locked and loaded but ultimately lacks important basics

In a world of video cameras and doorbells comes the Gate Smart Lock, a lock with a video camera embedded. It’s a great idea, but lacks some crucial functionality to make it a top-notch product.