How to secure your smart home devices from hackers

In this new era of internet-connected devices, which includes smart TVs, weight scales and even your house’s thermostat, the computer is no longer the only point of vulnerability you need to be concerned about. A recent botnet attack against a popular security website details how all of your devices are at risk of security breaches by hackers with bad intentions.

Your smart home appliances might be weaponised if hacked by internet criminals

In 2016 hackers infected millions of household appliances and other devices, resulting in a massive internet attack. A coordinated botnet attack took out the Krebs on Security website after hijacking an estimated 300,000 internet-facing cameras with software vulnerabilities. These cameras were used to simultaneously send gigabytes of data per second to the Krebs on Security site in an effort to knock it offline.

These devices become ubiquitous attack vectors that can affect internet routers, DVRs and security cameras. A particularly scary scenario for young families is one in which their baby’s monitor can be viewed by anyone on the internet. Attackers who want to target business websites and censor others can enlist these internet-connected devices for their purposes. Hackers have broken into home and business security cameras as well as DVRs that store video recordings. It’s not just a problem for those with home devices, but it’s also a huge headache for internet security companies.

KRACK Wi-Fi Vulnerability 

In the last few months security researcher Mathy Vanhoef announced a serious vulnerability which has been referred to as KRACK (Key Reinstallation Attack).

In a nutshell, any device you have which uses Wi-Fi is likely to be at risk from KRACK.

The hacker can spy on all traffic you send over the network which can be abused to steal private and sensitive information for example credit card details, passwords, emails and photos etc.

KRACK targets step three in a four-way authentication performed when your Wi-Fi device tries to connect to a secure network.

During step three the encryption key can be resent numerous times, and if criminals gather and replay those retransmissions in specific ways, Wi-Fi security encryption can be cracked.

Your home router might be vulnerable to hackers

The router that connects you to the internet can potentially be hacked if it’s not properly secured. It is an ideal target for hackers since so many of your devices use it as an access point to broadcast information via the internet, from tablets and vacuum cleaners to smart doorbells and cameras. If there is an unidentified bug in your router’s low-level software, someone could exploit that vulnerability, get access to your home network, and see everything that you’re sending over the internet.

Some hackers aren’t even interested in your data when they break into your router. They would instead commandeer it to send distributed denial of service (DDoS) attacks in an effort to knock websites offline. A DDoS disrupts websites by spoofing millions of bogus access attempts, causing a website’s server to crash.

Most end-users aren’t savvy enough to update their routers’ firmware, and big media companies don’t typically expect their consumers to make these updates. You can help secure your router by changing the default password that comes with it and checking a couple of times a year for new firmware updates to be posted on the manufacturer’s website. You may also want to update your router if it’s old, as newer versions are typically more secure.

What are some of the typical security threats around the home?

Home routers are often the gateway to all the devices in your home for the rest of the internet. Because these devices essentially are small computers which run operating system software that’s exploitable, they can become powerful weapons if they fall into the wrong hands. Some of the household smart gadgets most vulnerable to hacks include:

• Routers
• CCTV video cameras and webcams
• Digital video recorders (DVRs)
• Smart fridges and smart ovens
• Smart thermostats

How to protect your home devices against hackers

The first thing you can do when you purchase these network-connected products is to change the default username and password. These attacks are typically unsophisticated, and in many of the cases, devices are hacked just by targeting default usernames and passwords.

The problem with machines that don’t have their own screens is that they don’t typically get updates to fix vulnerabilities. Ask yourself if your new refrigerator, thermostat or smart TV truly needs to be connected to the internet. If not, then go into the settings, shut off their network connectivity and enjoy some peace of mind.