Smart Home Devices Are Easy to Hack. Here's How to Protect Yourself
Alexa randomly laughing at us might be the least of our smart technology concerns. The latest bad news about smart home devices is that they're easy to hack, according to a team of researchers who did just that to prove these gadgets have serious security issues.
Off-the-shelf home security cameras, baby monitors, doorbells, and thermostats were among the devices hacked by cyber researchers at Ben-Gurion University (BGU) of the Negev in Beer-Sheva, Israel as part of ongoing research into detecting vulnerabilities in smart home technology. Once they broke in, researchers were able to play loud music through a baby monitor, turn on a camera remotely, and more.
"It is truly frightening how easily a criminal, voyeur, or pedophile can take over these devices," Yossi Oren, a senior lecturer in BGU's Department of Software and Information Systems Engineering, said in a press statement. According to Omer Shwartz, a Ph.D. student and member of Oren's lab, "It only took 30 minutes to find passwords for most of the devices, and some of them were found only through a Google search of the brand."
In a recently published paper, BGU researchers identified ways that both manufacturers and users leave their tech open to hackers. Many products come with common, easy-to-guess default passwords, which consumers then don't change, making it easy for hackers to break in. Cybercriminals can also gain access to entire wifi networks just by retrieving the password stored on one device. "It seems getting [smart] products to market at an attractive price is often more important than securing them properly," Oren said.
According to BGU researchers, you can protect yourself from being hacked by only buying from reputable manufacturers and vendors. And although it's tempting to get your device used to save money, secondhand tech might have malware installed. Keep your software updated regularly, and, as always, use strong passwords. The team at BGU recommends choosing a password with a minimum of 16 letters and not using the same password for more than one device.