NEWSBYTE: Researchers at Ben Gurion University in Israel have found that a variety of off-the-shelf smart home devices, including security cameras, doorbells, and baby monitors, are extremely easy to hack.
“It is truly frightening how easily a criminal, voyeur or pedophile can take over these devices,” said Dr Yossi Oren, a senior lecturer in BGU’s Department of Software and Information Systems Engineering.
BGU researchers discovered several ways hackers can take advantage of poorly secured devices. They discovered that similar products under different brands share the same common default passwords.
“It only took 30 minutes to find passwords for most of the devices and some of them were found through a Google search of the brand,” said PhD student Omer Shwartz, a member of Dr. Oren’s lab.
Consumers and businesses rarely change device passwords when purchased so devices could be operating with malicious code for years, added researchers, who were also able to log on to Wi-Fi networks simply by retrieving the password stored in a device.
Dr. Oren urged manufacturers to stop using easy, hard-coded passwords, to disable remote access capabilities, and to make it harder to get information from shared ports, like an audio jack (which was found to be vulnerable in other studies by Cyber@BGU researchers).
“It seems getting IoT products to market at an attractive price is often more important than securing them properly,” he said.
Read more: Vendors, users ignoring IoT security in rush to market – report
A plan for smart home safety
Dr Oren’s team have proposed a seven-point plan for the safe use of smart home products.
1. Buy IoT devices only from reputable manufacturers and vendors.
2. Avoid purchasing used IoT devices. They could already have malware installed.
3. Research each device online to determine if it has a default password. If so, change before installing.
4. Use strong passwords with a minimum of 16 letters. These are harder to crack.
5. Multiple devices shouldn’t share the same passwords.
6. Update software regularly – something only reputable manufacturers will provide.
7. Carefully consider the benefits and risks of connecting any device to the internet.
Read more: Alexa beware! New smart home tests reveal serious privacy flaws
Read more: Security camera riddled with 13 serious security flaws
Read more: UK government proposes IoT security and device labelling scheme
Internet of Business says
We have published a number of stories that share a similar theme recently. The lesson is twofold. First, as the popularity of IoT devices and smart home gadgets increases, so will the media noise surrounding them. And second, it seems as if manufacturers – many of them with zero track record in cybersecurity – are indeed rushing products to market with basic security flaws easily exposed.
Read more: IIoT security: How to secure the Internet of Threats, by IBM