The Daily Telegraph
Smart homes running the risk of 12,000 cyber attacks every week
FAMILIES who kit out their homes with smart devices are at risk of more than 12,000 hacking or scanning attacks every week, an investigation has found.
The consumer organisation Which? created a fake home with devices including smart TVS, alarms, printers and cameras to test the chances of hackers stealing ID or financial information.
With the help of cyber security specialists, they recorded 1,017 unique scans or hacking attempts coming from all around the world in just the first week of testing, with at least 66 of them being for malicious purposes.
It rose to 12,807 unique scans or attack attempts in the busiest week, including 2,435 specific attempts to maliciously log into the gadgets which had a weak default username and password. That equates to 14 infiltration attempts every hour.
Most of the time, the basic security protections built into the devices were able to block the attacks, but that was not always the case.
The most targeted devices in the testing were an Epson printer, an iegeek wireless security camera and a Yale smart home alarm. All three were purchased from Amazon.
The iegeek camera was easily hacked and compromised, allowing a suspected hacker to access the video feed and spy on the testers.
This is despite the camera being endorsed by Amazon, with more than 8,500 ratings on its site – 68 per cent of which were five-star reviews.
The most common reason to hack smart devices is to create botnets such as Mirai, which search for new unsecure devices, such as routers, wireless cameras and connected printers coming online before forcing their way past weak default passwords.
From there, the parasite can be used as a powerful hacking tool, such as in 2016 when it knocked Twitter, Amazon and other leading websites temporarily offline. Most hacks originated from the United States, India, Russia, the Netherlands and China, with spikes of activity between 9am and 6pm.
Which? urged the Government to press ahead with a proposed Bill to regulate insecure smart products. It includes plans to ban default passwords on connected products, such as “admin” or “123456.”
It is also calling for online marketplaces and retailers to be given additional obligations for ensuring the safety and security of the products sold on their sites.
Kate Bevan, Which? computing editor, said: “While smart home gadgets and devices can bring huge benefits to our lives, consumers should be aware some of these appliances are vulnerable to hackers and offer little or no security.
“There are a number of steps people can take to better protect their home, but hackers are growing increasingly sophisticated. Proposed government laws to tackle devices with poor security can’t come soon enough – and must be backed by strong enforcement.”