Are You at Risk of a Digital Home Invasion?

Consumers who install smart home devices such as baby
monitors, Ring doorbells or surveillance systems are increasingly falling prey to hackers due to misconfigured devices or lax smart home network security practices.

Recently, a Chicago family fell victim to a hacker who had breached their Google Nest home cameras and thermostat.

“Arjun and Jessica Sud routinely use a baby monitor to keep tabs on their 7-month-old’s bedroom. Last month, they heard something chilling through the monitor: A deep male voice was speaking to their child,”
according to the Chicago Tribune.¹

“The couple grabbed their son, now fully awake, and headed downstairs. When they passed their Nest thermostat, normally set around 72 degrees, they noticed it had been turned up to 90. Then, the voice was back, coming through the speaker in a downstairs security camera. And this time, it was talking to them.”

As many Americans install internet-connected smart home devices that can be controlled and monitored via a smartphone app, hackers are now taking advantage of security loopholes to easily break into home networks and spy on homeowners or use compromised devices for cybercrimes.

The
recent cyber-attacks on consumers have made smart home device security a top priority for companies including Amazon and Google who are now urging consumers to take home network and device security seriously to avoid becoming cyber-attack victims.

The New Era of Internet of Things Security

Known as the “Internet of Things” or IoT, any smart device connected to the internet and a private home network that is not necessarily a server or personal computer, represents a new avenue for hackers to attack consumers in their own homes. The category of IoT devices is also expanding and includes devices that range from connected cars, smart home doorbells and video surveillance systems to speakers, watches, wearables and even microwave ovens, and refrigerators.

Even devices such as SmartTVs are not immune to hackers. A Consumer Reports investigation found that televisions made by Samsung and LG could be recording their owners’ private conversations.²

And recently the FBI issued a warning about SmartTV hacking: “Beyond the risk that your TV manufacturer and app developers may be listening and watching you, that television can also be a gateway for hackers to come into your home. A bad cyber actor may not be able to access your locked-down computer directly, but it is possible that your unsecured TV can give him or her an easy way in the backdoor through your router.”

The FBI says that hackers can take control of unsecured TVs to change channels, adjust the volume, show kids inappropriate videos or turn on your bedroom TV’s camera and microphone and silently cyberstalk you.³

In response to growing IoT cyber threats, Google will soon require Nest customers to use two-factor authentication for smart home devices.

“We’re always exploring how to protect your privacy and security while also giving you control over the ease of access to your account and what you share. After all, devices like cameras and smoke alarms are essential in emergencies.” says Cory Scott, Head of Security and Privacy at Google Nest. “However, an extra layer of defense gives you more control over your home devices in the long run by making sure only trusted people and devices can use them.”⁴

In addition to two-factor authentication, Google Nest monitors IoT security by checking for passwords that were potentially exposed in previously-known external credential breaches, resetting accounts when suspicious activity is detected, requiring automatic updates, not allowing default or easy-to-guess device passwords, and verified booting to prevent devices from running malicious code.

Smart home and IoT Safety Tips

In addition to following smart home device security requirements and manufacturer recommendations, consider the following tips to defend against IoT hackers:⁵

Check privacy and password settings for all installed IoT devices. Use non-identifiable logins, unique passwords, multi-factor authentication andchange default passwords to sentences.

Limit the use and location of always-on devices to ensure you’re not constantly under surveillance as many devices are waiting for motion, voice, or other activation prompts.

Update software on all devices to avoid attacks based on known vulnerabilities to limit hackers from attempting to access devices where updates have not been installed.

Separate your devices. Create a dedicated IoT network or a specific IoT only wireless network at home to prevent hackers from using a hacked device for network access.

Protect your devices. Use next-generation antivirus software on all tablets and laptops, and install a firewall between your home router and devices.

Create “safe rooms.” Keep smart home technologies restricted in your home you want to keep the safest such as bedrooms and bathrooms.

Business Implications of IoT Security
Like consumers, businesses must also stay vigilant and integrate IoT into their cybersecurity strategies.

Charl van der Walt, head of security research at Orange Cyberdefense states that businesses must establish security as “a primary consideration in any IoT investment you make, from your doorbell to your manufacturing technology. Any compromise you make now is bound to catch up with you later.”

“As more connected devices enter an organization, it is also vital that IT managers and decision-makers take responsibility for enforcing appropriate segmentation, access control, and patch management protocols and implementing complete, continuous visibility into the entirety of their network infrastructure,” says van der Walt.^[6]

In addition to following best IoT security practices, the next phase of IoT security evolution for businesses is leveraging more device visibility and analytics to detect cyber-attacks and compromises, and then making IoT a key piece of an organization’s overall cyber security strategy.