How hackers take advantage of “not very smart” devices in smart homes

Smart home: i consigli per proteggersi dagli hacker thumbnail

Hacker attacks have become much more frequent since our homes are full of smart devices. Through some of these, cybercriminals are able to virtually enter our homes. Here are some examples to become aware of the problem.

Hacker attacks in smart homes: the case of Adam and Heather

The couple Adam and Heather Schreck, one night in 2014 were woken up in the middle of the night to a loud noise coming from their son’s room. However, it was not the usual cry of their 10-month-old baby that disturbed the sleep of the two. Rushing to his room, the parents realized, to their amazement and fear, that the noise was the voice of a grown man shouting “Wake up!” and that it came from their baby monitor.

But that’s not all. As soon as they entered the room, the camera automatically looked away from the baby and the parents. For a baby monitor, programmed only to monitor the baby, this action meant only one thing: the camera had been hacked and someone had taken control of it via the Internet.

A disturbing story, and it is even more so if we think that seven years have passed since this event. Our homes have been teeming with smart devices ever since, and hackers have learned to hack them better and better.

Biggest hijack ever: It happened in 2016

Another similar event dates back to 2016, two years after the night that involved the Schrecks. This time around, the attack was large-scale, and brought much of the Internet networks in Europe and the United States to their knees. We’re talking hundreds of thousands of devices have been compromised through what security experts refer to as a Distributed Denial of Service (DDoS) attack, using Mirai botnets.

What happened was that numerous devices connected to the network were hacked, and these were used to overwhelm Dyn’s servers. The latter is a company that previously controlled much of the Internet’s domain name system (DNS) infrastructure, with traffic. The result? Websites including Twitter, The Guardian, Netflix, Reddit, CNN, and many more in Europe and the US were blocked for much of the day.

When the hackers “froze” the city of Lappeenranta

Lappeenranta is a city with a population of around 60,000 in eastern Finland, the target of a cyber attack in 2016. This time, central heating and hot water circulation systems in buildings were targeted. By forcing the heating systems to go into an endless restart cycle, the hackers blocked the residents from heating. It all happened at a time when temperatures in Finland were below freezing.

So, having stronger and more comprehensive IoT protection for smart homes at the network level shouldn’t just be the priority of users.

2018: a casino hacked by a smart thermometer

It can be thought that casinos, compared to normal homes, have advanced security systems. This story tells us that a playhouse can be brought to its knees by a simple IoT device – a smart aquarium thermometer in their lobby.

According to Nicole Eagan, CEO of cybersecurity firm Darktrace, the hackers used the internet-connected thermometer to break into the network. Once inside, “they found the high-roller database and then relayed it across the network, from the thermostat to the cloud.”

This can very well happen to a credit card and user credentials. Suddenly, making the home smarter doesn’t seem that attractive; however, there are several ways that users can enhance their security and defend themselves against hackers. D-Link’s mydlink app, for example, allows users to control and monitor connected devices. These include cameras, smart plugs or sensors, directly from a smartphone or tablet.

What if hackers take over cars?

Smart cars are increasingly connected. A 2015 experiment, conducted by some researchers, teaches us that it is possible to hack and take control of even a Jeep Cherokee. The test driver had noticed that, without touching the dashboard, the Jeep’s air intakes had started to blow out cold air, at maximum power. Subsequently, the radio had switched to a different station, at full volume, and it was not possible to turn it off. The wipers had turned on and the liquid clouded the glass. Although the steering wheel and brakes did not suffer interference, more disruptions would have been enough to cause an accident.

Tips to protect yourself better

All this might think that, all in all, it would be better to give up the comforts of IoT devices. In fact, rather than giving it up, it is important to prevent the risks of connected devices. For example, to monitor your home, cloud solutions like mydlink provide end-to-end encryption via the cloud. This eliminates the risk of camera hacks. This solution also offers a complete ecosystem for the smart home that controls and manages the home, with cameras, smart plugs and other sensors.

Another countermeasure, although it may seem trivial to us, is to frequently update passwords and firmware to renew device protection and change any default passwords. Older devices often come with a manufacturer-supplied password, which is often the same. If left unmodified, the device is extremely vulnerable to cyber attacks.

Becoming familiar with the security controls on the router and configuring it to regulate Internet exposure is also an important consideration. Finally, before purchasing a new device, each person should understand what kind of features and details are included. Quality and safety should be the first features to consider before making a purchase. As is often the case, the best defense against danger is culture.