You might not think much about the security of your appliances compared to other high-tech gadgets you may own. Rightfully so, given the limited interactions we have with them. Momentum in the smart home space over the last several years, however, has led to always-connected devices. From robot vacuums that autonomously clean our homes, to Wi-Fi enabled air conditioners that can be operate through voice assistants, there’s no denying the lifelong conveniences they offer.
As we’ve reported on occasion, the rush to evolve the smart home has some unintended consequences. Privacy and security are paramount for security cameras, highlighted by Ring’s hacking woes last year. With smart appliances, the concern around hacks center on safety.
While it’s unlikely that you’ll be physically harmed by coming to an extra toasty home because your smart thermostat was hacked, there are other malicious hacks that can put you at risk. Should you be concerned?
Inconveniences, for the most part
Reports of appliance hacks are relatively sparse. There hasn’t been a substantial hack or enough devices affected to warrant fear about compromised smart appliances, for now. Unlike other smart home devices that have made headlines due to hacks, appliances don’t have avoided a major headline problem.
We spoke with Dennis Giese, a cybersecurity researcher and Ph.D. student at Northeastern University, to uncover if there are legitimate concerns with hacked smart appliances. He pointed out one instance where hackers were able to shut down a central heating system using a distributed denial-of-service (DDoS) attack, which resulted in residents going without heating over a weekend.
This hack was only an inconvenience for the affected people though, in theory, a hack like this could lead to damage (like burst pipes due to freezing weather). It’s not as immediately disturbing as a hacker spying on you through a camera. However, Giese does shed light on some other, more dangerous possibilities that can arise from attacks.
When hackers get clever, appliances get dangerous
Giese has examples of more troublesome hacks that, while they aren’t known to occur among the public, have been demonstrated as possible.
As an example, Giese told us about hacking a robot vacuum. Today’s robot vacs are packed with sensors. They can map rooms with lidar technology and recognize objects with cameras. However, a battery hack that Giese performed has more serious implications.
“I can reconfigure the batteries so that the battery might start to burn at some point,” Giese told Digital Trends. “The battery had a controller, and you could tell the controller wrong information, so it would charge it with a high voltage.”
Manufacturers typically have safety measures in place to prevent situations like this. For example, a temperature sensor connected to a battery will monitor extreme fluctuations and shut off charging. But Giese says that can also be compromised by offsetting or overwriting its calibration by a couple of degrees. That would be enough to cause harm to the battery.
Don’t put your IoT devices and cameras on the public internet.
Giese explains how it’s never safe to have your smart appliances connected to a public network. That should be common sense, but there are still plenty of stories about hacks happening due to unsecured or open networks. “Don’t put your IoT devices and cameras on the public internet. So don’t assume that no one will find them because people will find them eventually.”
Even if a vacuum, for instance, isn’t the end target, it can provide a launchpad for further attacks. Once he’s able to hack a robot vacuum on a public network, it opens the door to other things.
“You technically have access to any resource in that local network,” Giese explained. With the vacuum compromised, he was able to scan for connected IP cameras and point of sales system (POS) at a retail store.
What about your home? Hackers search for other devices there, too, like a network storage device. They might also conduct illegal activities by funneling web traffic through your connected smart appliance, such as downloading child pornography. This practice is common among hackers, targeting devices like routers, TV, and webcams — basically, anything with a known security issue that gives hackers access.
How to protect your appliances from hackers
One specific point to safeguard your smart appliances, and your smart home in general, is to isolate them on a Wi-Fi access point that doesn’t connect to devices that contain more data, like laptops, phones, and network-attached storage. This makes it more difficult for a hacker to compromise your entire home network once access is gained to a single appliance.
Hardware firewalls are useful tools to keep your smart appliances protected as well. We’ve detailed their advantages when it comes to detecting suspicious activities, such as huge data uploads to a remote server, but Giese makes a valid point about understanding what are legitimate hacking activities, versus your appliance’s normal operation. If you’re not an expert, it’s difficult to make the distinction.
“It might be able to detect some things, but it basically depends on whatever the IoT device is doing. You need to know what a normal state is looking like,” said Giese.
For example, a connected microwave may set off your hardware firewall because data is sent out to a server to send an alert out to your smartphone that cooking is complete. Or it might download a firmware update, which could be regarded as suspicious activity. Giese stresses that this requires personal management, in the sense that you as a consumer would need to differentiate false positives.
For now, the risk of an appliance hack doing real harm seems small — but as Giese points out, that could change quickly. Smart home security cameras seemed a safe bet until, suddenly, they didn’t. Smart home appliances are not different.
More on security and privacy in the smart home
- How to tell if your smart home security camera is hacked
- Hardware firewalls safeguard your smart home
- Should you be worried about cameras in robot vacuums?
- Why hackers want to hack cameras
- What is Wi-Fi Direct? Here’s everything you need to know
- The best cheap home security camera deals for August 2020: Arlo, Nest, Ring, EZVIZ
- How to find the IP address of your router for customization and security
- More than 1,000 Twitter employees reportedly have complete access to accounts
- Major security vulnerability could leave critical infrastructure defenseless