- How safe are your smart home devices?
- New research shows many can easily be hacked.
- Taking simple precautions can improve your cybersecurity.
- Although a consumer group says makers need to do more to keep us safe.
How good is your home security? Locks and alarms may keep burglars at bay, but as smart homes become more common, you need to add cybersecurity to the list of deterrents.
With our homes ever more connected, the opportunities for hackers to interfere with our lives and cause harm is increasing. “If everything is connected, everything can be hacked,” pointed out European Commission President Ursula von der Leyen in her 2021 State of the Union address.
So which household items are most vulnerable? Here are five surprisingly hackable items that you may have in your home:
1. Your smart TV
2. Your video doorbell and smart security system
3. Your robot vacuum cleaner
4. Your smart garage door opener
5. Your smart baby monitor.
They all share the same vulnerabilities – they are not only connected to the internet of things (IoT) but they are often part of your home WiFi network.
A study by the European watchdog Euroconsumers found all five had “high severity” or “critical” security vulnerabilities.
What are the risks?
Researchers tested a total of 16 commonly-used devices from a range of brands and found 54 vulnerabilities that exposed users to attack by hackers, with potential consequences ranging from deactivating security systems to stealing personal data.
As well as gaining access to sensitive services like banking apps, the report says hackers can also use multiple connected devices to stage massive distributed denial of service (DDOS) attacks, the likes of which have been used to bring down banking and even healthcare networks.
“Connected devices have a great potential around the home. They bring new functions and features to the products we use every day,” says the report. “But while most people are aware that connecting their laptop to the internet brings risks … they may not think the same is possible via smart devices.”
Have you read?
Closing ‘digital windows’ in our homes
Among the vulnerabilities discovered was the risk of a “deauthentication attack” where a hacker instructs the device to disconnect from the home WiFI. When this happens, smart doorbells may no longer respond to motion or send alerts to their owners.
Analysts also found that some smart home apps transmit unencrypted data which can be used by hackers to obtain WiFi passwords and other sensitive information to give them access to a user’s private data.
A recent survey found that over two-fifths (42%) of Americans use smart home devices, more than double the number of Europeans. And while 98% of them are worried about privacy threats from using them, around half have taken no steps to protect their devices.
“All too often, smart devices have weaknesses making them vulnerable to attacks. Just as manufacturers have a responsibility to make their products safe to use, they can’t cut corners on digital security either,” says the Euroconsumers report.
“They must make smart products secure by design and protect our privacy. By securing the ‘digital windows’ into our homes, they can stop hackers in their attacks.”
To add to the dilemma facing consumers, the study found that although reputable brands generally have better security than cheaper alternatives, some still suffered “severe” security issues.
“Being a reputable brand is no 100% guarantee that enough attention has been given to security,” the report says. White-label devices, sold under a number of brands, also make it harder for buyers to assess the security of devices, the researchers add.
Seven steps to better security
So what can you do to make your smart devices more cybersecure? Here’s what Euroconsumers advises:
1. Connect devices with an ethernet cable when possible in preference to WiFi
2. Use strong and unique passwords
3. Always change the default name of your WiFi network after it’s installed
4. Use two-step verification
5. Keep your devices updated and turn them off when you are not using them
6. Always complete the device set-up when you use it for the first time
7. Don’t buy cheap connected devices.
The World Economic Forum’s State of the Connected World 2020 report found that increased use of connected devices during the COVID-19 pandemic had brought many benefits, but had also increased exposure to risk.
What is the World Economic Forum doing on cybersecurity
The World Economic Forum's Centre for Cybersecurity is leading the global response to address systemic cybersecurity challenges and improve digital trust. We are an independent and impartial global platform committed to fostering international dialogues and collaboration on cybersecurity in the public and private sectors. We bridge the gap between cybersecurity experts and decision makers at the highest levels to reinforce the importance of cybersecurity as a key strategic priority.
Our community has three key priorities:
Strengthening Global Cooperation - to increase global cooperation between public and private stakeholders to foster a collective response to cybercrime and address key security challenges posed by barriers to cooperation.
Understanding Future Networks and Technology - to identify cybersecurity challenges and opportunities posed by new technologies, and accelerate forward-looking solutions.
Building Cyber Resilience - to develop and amplify scalable solutions to accelerate the adoption of best practices and increase cyber resilience.
Initiatives include building a partnership to address the global cyber enforcement gap through improving the efficiency and effectiveness of public-private collaboration in cybercrime investigations; equipping business decision makers and cybersecurity leaders with the tools necessary to govern cyber risks, protect business assets and investments from the impact of cyber-attacks; and enhancing cyber resilience across key industry sectors such as electricity, aviation and oil & gas. We also promote mission aligned initiatives championed by our partner organizations.
The Forum is also a signatory of the Paris Call for Trust and Security in Cyberspace which aims to ensure digital peace and security which encourages signatories to protect individuals and infrastructure, to protect intellectual property, to cooperate in defense, and refrain from doing harm.
For more information, please contact us.
Warning about the lag between technological innovation and regulation, the Forum said the risks to privacy and other human rights from the increased use of connected devices must be “thoroughly assessed and addressed through proper governance structures”.