Some smart gad­gets in our homes are vul­ner­a­ble to hack­ing

The Star Early Edition - - NEWS -

FROM de­vices that or­der our gro­ceries to smart toys that speak to our chil­dren, hi-tech home gad­gets are no longer the stuff of sci­ence fic­tion.

But even as they trans­form our lives, they put fam­i­lies at risk from crim­i­nal hack­ers tak­ing ad­van­tage of se­cu­rity flaws to gain vir­tual ac­cess to homes, a re­port warns.

A sur­vey of 15 de­vices by the con­sumer group Which? found that eight were vul­ner­a­ble to hack­ing via the in­ter­net, wi-fi or Blue­tooth con­nec­tions.

It comes as man­u­fac­tur­ers rou­tinely in­stall tech­nol­ogy into new house­hold prod­ucts that al­lows them to con­nect to the “in­ter­net of things”, an um­brella term for de­vices that can go on­line.

This lets them work with smart­phones and “home hubs” such as Ama­zon’s Echo and its vir­tual as­sis­tant Alexa, as well as the Google Home de­vice.

For a re­port called “The Hack­able Home”, Which? set up a home with a host of gad­gets and hired a team of eth­i­cal se­cu­rity re­searchers, SureCloud, to hack it.

One of its most dis­turb­ing dis­cov­er­ies in­volved CloudPets smart toys such as cats, uni­corns and bears that play back mes­sages sent to a child from fam­ily and friends.

Which? said: “Build­ing on a re­cently pub­lished flaw, SureCloud hacked the toy and made it play its own voice mes­sages. Scar­ily, any­one could use the same method to speak to chil­dren from out­side in the street.”

The team then used the toy pets, which cost as lit­tle as £5.99 (R98) each, to send com­mands to the Ama­zon Echo home hub, us­ing its “voice pur­chas­ing” sys­tem to or­der cat food from the on­line re­tailer.

Which? also found a flaw in home CCTV cam­era sys­tems. The con­sumer group’s re­searchers found the Fredi Me­gapix sys­tem op­er­ates over the in­ter­net us­ing a de­fault ad­min­is­tra­tor ac­count with­out a pass­word.

It said: “This is a real pri­vacy con­cern and we found thou­sands of sim­i­lar cam­eras avail­able for any­one to watch the live feed over the in­ter­net. Worse still, the hacker can even pan and tilt the cam­eras to mon­i­tor ac­tiv­ity in the house.”

The Which? team also found it was easy to crack the pass­word on the Vir­gin Me­dia Su­per Hub 2 router, let­ting it on to the wi-fi net­work.

The con­sumer group said: “Af­ter SureCloud gained ac­cess to our wi-fi net­work, it could eas­ily con­trol any de­vices that didn’t re­quire a pass­word.”

Alex Neill, of Which?, said: “There is no deny­ing the huge ben­e­fits that smart home gad­gets and de­vices bring to our lives. How­ever, con­sumers should be aware that some of these ap­pli­ances are vul­ner­a­ble. There are a num­ber of steps that peo­ple can take to bet­ter pro­tect their home, but hack­ers are grow­ing in­creas­ingly more so­phis­ti­cated.

“Man­u­fac­tur­ers need to en­sure that any smart prod­uct sold is se­cure by de­sign.”

Vir­gin Me­dia said yes­ter­day it is ad­vis­ing more than 800 000 cus­tomers with the Su­per Hub 2 router to change their pass­word im­me­di­ately, al­though it de­scribed the risk as “small”.

Ama­zon said it is pos­si­ble to turn off voice pur­chas­ing through the Alexa app con­trol­ling its Echo hub, or add a four-digit pass code.

CloudPets man­u­fac­turer, Spi­ral Toys, did not com­ment on the se­cu­rity is­sues. Fredi Me­gapix also failed to re­spond. – Daily Mail

‘Hack­ers are grow­ing more so­phis­ti­cated’

Newspapers in English

Newspapers from South Africa

© PressReader. All rights reserved.