Your Home Could Be At Risk From Hackers
You arrive home after a long day at work. Your garage door opens because the sensor you had installed last week detects the Bluetooth radio on your phone, which is within range. Once inside, you needn’t worry about switching on the lights, because your smart home automation system has taken care of that for you.
You sit down to scroll through the news you might have missed in traffic, and realise your internet connection is a bit slow. You brush it off as your ISP is “having issues”, and head off to dinner.
What’s really happened is that a hacker has infiltrated your home network and secretly corralled all of your devices into a botnet that will be used to execute an attack on a high-profile target.
This may sound like the precursor to a Hollywood thriller, but it’s a lot closer to reality than you realise.
Smart homes and security
Even if you don’t have a smart home system that connects everything from your door locks to your TV and lights to your mobile phone, the chances are you have a lot of internet-connected devices in your house – a router, perhaps, or a security camera you can view remotely. Maybe your alarm has a network connection, or your TV decoder does.
For security experts, this explosion in connected devices is a nightmare. Few are supported by manufacturers for long after they are sold, so the software that runs them could be hopelessly outdated.
Criminals know this. Late last year, a virus called Mirai was able to close down huge parts of the internet by launching an attack on key companies using infected computers. The “computers” were, for a large part, internet-connected video cameras and digital video recorders.
Since then, it’s been demonstrated that internet-connected music systems, thermostats and even fridges are all vulnerable to online attack.
“Any new technology introduces new threats,” says Haroon Meer, founder of security consultancy Thinkst.
Instilling best practice
There are a number of best practices that home users can employ to ensure that their homes aren’t an open target to cybercriminals. Many of them revolve around good password practice. For a start, if you have an internet-connected camera, for example, make sure you’ve changed the default password. Criminals automate attacks against networked equipment, and the first thing they do is try username and password combinations such as “admin” and “password”.
The other important factor is to make sure you never use the same password twice. Often, connected devices will work with an online system – so, to view your camera remotely, you may have to log into a website first. The danger of using the same password for that service as you do for your email, for example, is that if either your mail provider or your camera manufacturer gets hacked, your credentials for the other service will have been leaked too.
“If someone is on the internet today, they should probably be using a password manager,” says Thinkst’s Meer. “Shared credentials come back to bite people in the tail.”
A more complex defence that Meer suggests for those with important information on their home computers is “canarytokens”.
Canarytokens are files that will alert you when they are opened. For instance, if you download a canarytoken PDF document and name it “Life Policy”, then leave it on your home PC, a criminal may click that file and unknowingly alert you to the fact that you have been compromised.
Canarytokens are widely available for free online.
Ultimately, as our homes become as connected as our workplaces, we need to be just as careful with our IT security.
Update your home
“Anyone can fall victim to cybercriminal activities – no matter what device is being used or how little a user may connect to the internet. And those devices that are not protected are more vulnerable to this reality,” says Riaan Badenhorst, general manager at Kaspersky Lab Africa.
The most significant part of that protection comes through regular updates from software providers and original equipment manufacturers. Some of the manufacturers of smart home equipment are household names, such as Apple or Amazon or Google, and generally their approach to security and patching is good (although there are a lot of old, risky Android phones and tablets out there).
But who’s updating that no-brand DVD player that can stream movies over the network?
Users are left with a device that even the most inexperienced hacker can compromise, and once they’re on one device, they can probably break into a more important one, such as your PC.
Regularly updating software is incredibly important. This was exemplified in May when the WannaCryptor (WannaCry) malware spread throughout the globe. What made WannaCry unnecessarily dangerous was that it targeted a vulnerability that had already been patched by Microsoft. If PCs had been kept up-to-date, they’d have been less likely to have been compromised.
All of this sounds like a lot of work, and you would be forgiven for feeling more than apprehensive about logging onto the internet. But Meer says the fight against cybercrime is making progress.
“Google Chromebook and iOS devices make me think that we can eventually get to reasonably hardened states where you’re not going to be invulnerable, but you’re going to know when you’re compromised and be able to recover easily,” Meer tells us.
There’s a light at the end of the tunnel, then, while it does require us, as users, to be a bit more responsible with our data. Cybersecurity is the responsibility of all of us, especially when we’re at home.
You wouldn’t leave your home wide-open at night, so perhaps it’s time to start placing locks on your technology, to protect your memories, your finances and, more importantly, yourself.
What threats are there?
There are numerous threats online, but what exactly should you be looking for?
One of the more common threats is malware (short for malicious software), which can take the form of programs that log everything you do, from what words you type to which websites you visit.
Phishing is the act where hackers will attempt to grab passwords, usernames and credit card information to use at their will. Phishing attacks are usually made possible through compromised websites, and if you have a good security solution, it can warn you that a website might not be safe.
These threats make it important for folks to be aware of what links they click online, and where they enter sensitive information.
There are more than 2 500 000 devices connected to the internet which have been infected by the Mirai malware.
“Ransomware” is the name given to malicious software that threatens to destroy data on a PC unless you send money to the criminals who developed it. It’s expected that more ransomware targeting connected devices will appear soon.