IoT Appliance Hacking: it’s real – and it happened on Friday

smart-home

Appliance Hacking: it’s real – and it happened on Friday (10/26/16).

We get it – smart home devices make sense in certain cases.

For instance, it’s highly beneficial to be able to control your vacation cabin’s plumbing remotely through the winter. More and more child abuse cases have become prosecutable via nanny cam footage.  Distance can be bridged through technology and that is wonderful – until it isn’t anymore.

Last week, Spotify, Twitter, Pinterest, Reddit, and Paypal were subjected to a sweeping Halloween hack on the East Coast  — and if you own a smart home device and live in that part of the country, it is possible you were unwittingly involved.

“The DDoS attack was reportedly carried out through millions of hacked connected devices like web cameras and smart fridges, seemingly innocuous items which are often poorly secured and easily compromised. “

A recent study showed that up to 79% of smart home devices were insecure (because of default or easily-guessed router passwords) If, say, Netflix is down for a few hours, it doesn’t seem to affect you that much?… Think again:

Privacy-related recalls could become more frequent as connected devices become more intimate. A hack of a smart lamp or connected refrigerator may seem frivolous, but when it’s an insulin pump or a pacemaker that is compromised, attacks can be lethal and make action more necessary. “In a sense maybe there is a turning point for certain manufacturers to say, OK we need to do something about this,” Lee said.

That’s terrifying. Here as SaferTech, we don’t give out scary warnings with solution options. This Marketwatch sister article offers some solid advice here to prevent this kind of breach. Among their tips:

Printers are the worst. Not only can we all agree they are the worst, they actually seem to be the weakest link and most vulnerable hole in your home network. This funny article on Slate.com details the problem here.

Remember when Apple products were deemed impenetrable by viruses? That was a lovely era, but that time has passed. Purchase malware security software specifically for Mac. Which leads us to…

Do your security updates for smart devices. Yeah, they’re not our favorite either. Most of them don’t auto-update, so you have to do it yourself. Updates are tailored to the most recent and savvy security threats. Don’t ignore them.

  • A lot of these types of breaches enter through email. Double-check IP addresses for similarly-named URL’s that look legit at first glance.
  • Don’t log on to public wifi and don’t use unlocked neighboring wifi (even though its tempting in a pinch)
  • Don’t use common passwords or your phone number as a password. (I know of a lot of people that do this so it’s easy to share wifi when friends come over, but it’s better to keep your password on your fridge than make it so easy to figure out for outsiders) Jumble up varied symbols, numbers and capital letters all in one passcode.
  • Use multi-step authentication whenever possible. It is a pain, but there is this good reason banks love to use this technique . Just opt to get a one-time code texted to you whenever possible

The good thing about these kind of widespread hacks is that they cost the device companies money and push manufacturers to be competitive about security tech. Be a smart consumer. Pick products that include individualized passcode for every consumer who purchases.  And, remember: You can opt out of being so connected. (Plus, you don’t really want your home to be a veritable force field of EMF energy anyway.) “Smart homes” aren’t so smart after all if they leave your security and privacy at risk.

Also Watch