Connected home devices like cameras and thermostats can be easy targets for hackers, cybersecurity firm explains.
With a new breach seemingly every day, consumers are more on-guard than ever before when it comes to ensuring the security of their personal information from cyber criminals. And, rightfully so. Validating the cause for such concerns is a new report from Synack that highlights the ease in which malicious hackers can access a majority of smart home devices on the market today. Quite ironically, many of them are security gadgets — the same products that are supposed to keep you protected.
Writing for Gigaom, Stacey Higginbotham notes that the firm had conducted an in-depth analysis on a number of today’s most-popular smart home gadgets, including cameras, thermostats, smoke detectors and automation controllers. Upon reviewing 16 of these devices, researchers discovered a vast majority of them possess some serious vulnerabilities.
Colby Moore, a security analyst for Synack, told Gigaom that it took him only 20 minutes to break into all but one of the assorted devices during testing. Furthermore, the company believes the lack of security for such products could derive from the fact that there are no set standards for smart home security.
“Right now the internet of things is like computer security was in the ‘90s, when everything was new and no one had any security standards or any way to monitor their devices for security,” Moore says.
Upon finishing the investigation, Synack found the worst performing devices to be, in fact, connected cameras. Each of the five camera products examined had issues either with encryption or password security. As for thermostats, Nest was deemed to be the most secure, although it did lose points for a weak password policy. Others were cited for having problems with password policies, encryption and a long history of flaws across product lines.
Meanwhile, a number of smoke and carbon dioxide detectors didn’t fare so well either. The analyst reveals that this category could fall victim to a supply chain-based attack, meaning someone could intercept the device and change a component.
Lastly, a few of the home controllers are believed to have issues with exposed service and insecure architecture, while others lack proper password policies as well. In all, Moore shares with Gigaom that the security of smart home devices today is “abysmal.” He suggests users hardwire as many devices as possible, enable automatic firmware updates and utilize strong passwords.
“Smart homes are a dumb idea if they are not secure. And that means secure at every node,” Atmel resident security expert Bill Boldt chimed in on the matter. “Who wants a home that allows people to monitor them? There is already a website out there showing pictures of people intercepted from their own home security cameras. That is just the top of the iceberg. Nodes of all types from thermostats to cameras, to meters, appliances need to be authenticated and encrypted. Consumers will soon figure that out and demand it.”
Interested in reading more? Head over to Gigaom’s entire writeup. You can also discover how to add enhanced authentication and encryption into your next design here.