Some smart gadgets in our homes are vulnerable to hacking
FROM devices that order our groceries to smart toys that speak to our children, hi-tech home gadgets are no longer the stuff of science fiction.
But even as they transform our lives, they put families at risk from criminal hackers taking advantage of security flaws to gain virtual access to homes, a report warns.
A survey of 15 devices by the consumer group Which? found that eight were vulnerable to hacking via the internet, wi-fi or Bluetooth connections.
It comes as manufacturers routinely install technology into new household products that allows them to connect to the “internet of things”, an umbrella term for devices that can go online.
This lets them work with smartphones and “home hubs” such as Amazon’s Echo and its virtual assistant Alexa, as well as the Google Home device.
For a report called “The Hackable Home”, Which? set up a home with a host of gadgets and hired a team of ethical security researchers, SureCloud, to hack it.
One of its most disturbing discoveries involved CloudPets smart toys such as cats, unicorns and bears that play back messages sent to a child from family and friends.
Which? said: “Building on a recently published flaw, SureCloud hacked the toy and made it play its own voice messages. Scarily, anyone could use the same method to speak to children from outside in the street.”
The team then used the toy pets, which cost as little as £5.99 (R98) each, to send commands to the Amazon Echo home hub, using its “voice purchasing” system to order cat food from the online retailer.
Which? also found a flaw in home CCTV camera systems. The consumer group’s researchers found the Fredi Megapix system operates over the internet using a default administrator account without a password.
It said: “This is a real privacy concern and we found thousands of similar cameras available for anyone to watch the live feed over the internet. Worse still, the hacker can even pan and tilt the cameras to monitor activity in the house.”
The Which? team also found it was easy to crack the password on the Virgin Media Super Hub 2 router, letting it on to the wi-fi network.
The consumer group said: “After SureCloud gained access to our wi-fi network, it could easily control any devices that didn’t require a password.”
Alex Neill, of Which?, said: “There is no denying the huge benefits that smart home gadgets and devices bring to our lives. However, consumers should be aware that some of these appliances are vulnerable. There are a number of steps that people can take to better protect their home, but hackers are growing increasingly more sophisticated.
“Manufacturers need to ensure that any smart product sold is secure by design.”
Virgin Media said yesterday it is advising more than 800 000 customers with the Super Hub 2 router to change their password immediately, although it described the risk as “small”.
Amazon said it is possible to turn off voice purchasing through the Alexa app controlling its Echo hub, or add a four-digit pass code.
CloudPets manufacturer, Spiral Toys, did not comment on the security issues. Fredi Megapix also failed to respond. – Daily Mail
‘Hackers are growing more sophisticated’