Smart Home Cybersecurity:
Most smart home devices are often poorly protected, use weak communication protocols and no encryption, which puts them in the spotlight for cybercriminals. Users often make hackers’ lives much easier by not installing updates and using weak passwords, cybersecurity experts warn.
The growing number of connected devices and increasing vulnerabilities, including the latest one that has been exploited by North Korean and Chinese hackers, raises concerns among cybersecurity experts. They warn that such attacks will increase, and have severe consequences: from stolen data to private videos leaked on the internet.
At the beginning of December, a cybersecurity vulnerability dubbed React2Shell that can affect millions of connected home devices worldwide was publicly disclosed. Just days later, security researchers already observed hacker groups from North Korea and China exploiting the vulnerability for malicious purposes. This example illustrates how quickly hackers can exploit weaknesses, often long before vendors fix them.
A forecast from IoT Analytics predicted that this year, a number of connected home devices is expected to reach 21.1 billion, with double-digit growth projected for the upcoming years.
Not only traditional cameras and printers, but also new-gen thermostats and wearables are being increasingly incorporated in our daily lives, and potential vulnerabilities increase too.
Experts at Planet VPN, a free virtual private network provider, say that worldwide, there are many more attacks, most of which are unnoticed by users. According to Konstantin Levinzon, co-founder of the company, hackers are increasingly shifting their focus to smart homes due to their lack of protection.
”When people think about cybersecurity, they often take care of their smartphones and forget about the rest. However, other devices connected to homes often have weaker security than our smartphones or laptops, making them a more lucrative target for cybercriminals. Your TV, camera, or printer can open the door for cybercriminals to your network, and once they break in, it is hard to stop them,” Levinzon says.
A recent report by Bitdefender and Netgear, which analyzed 58 million smart home devices across the US, Australia, and Europe, found 4.6 billion vulnerabilities and noticed 13.6 billion attacks in the first 10 months of this year.
According to Levinzon, there are several ways bad actors can hijack your home. One huge security hole is outdated firmware: smart home devices often receive too few security updates, leaving them exposed to all kinds of vulnerabilities.
In addition, many devices, including routers and cameras, come with default passwords that are easy for hackers to guess. Despite the growing number of cyber incidents, users still rely on default or weak passwords, making hacking into users’ homes an easy task even for unskilled cybercriminals, Levinzon says.
On top of that, there are a number of potential issues with home network security.
”Users trust device manufacturers too much and don’t consider the security of smart home devices before buying them. For example, cheap security cameras often promise to secure your home, when in reality, they may act like a Trojan horse. Poor encryption and insecure communication protocols can expose users’ private lives online instead of keeping them safe.,” Levinzon explains.
The rise of AI assistants also poses security concerns. Earlier this year, researchers at Tel Aviv University published a paper where they described how “Google’s” AI assistant Gemini can be used to do things like open windows in a person’s apartment, after receiving only a calendar invite.
According to Levinzon, while the latter example was only theoretical, as AI continues to have much more influence in our lives, we will see more similar examples happening in real life.
Once cybercriminals compromise a person’s network, AI assistant, or device, they can then use it for various purposes: steal the user’s personal data, eavesdrop, hijack smart home equipment to launch cyberattacks, and even control your home.
To avoid becoming a victim, Levinzon advises using unique passwords and enabling multi-factor authentication. Updating firmware regularly and ensuring that these devices have secure communication protocols, such as WPA3, is also a must.
”It is also important to protect devices when you are using them,” he says. “Turn on a VPN whenever you are browsing using your smartphone, laptop, or smart TV: it will enhance your security and privacy by hiding your IP address and making your data invisible to anyone, even to your internet service provider. Remember, that for cybercriminals, even one unprotected device may be enough to take control of your entire home.”
