Networked Home Gadgets Offer Hackers New Opportunities
Connecting a new appliance to your home’s Wi-Fi network or broadband modem could increase the risk that data such as passwords will be taken from computers in your house. Such is the warning from antivirus company Kaspersky Lab in a forthcoming report on the side effects of more and more home devices being connected to the Internet.
By now most consumers are aware that security is a major problem for their laptops and PCs, says David Jacoby, a security researcher at Kaspersky Lab. But they don’t realize that appliances like TVs, DVD players, and printers that connect to a home network are vulnerable to similar threats. What’s more, most such devices have no security protections built in whatsoever, he says (see “Securing the Smart Home, from Toasters to Toilets”). “Consumers need to understand that the devices that they buy might be vulnerable,” says Jacoby.
Jacoby recently hacked several Internet-enabled devices connected to his own home network, including his TV, printer, router, and remote storage devices. He came up with a laundry list of flaws in several everyday products, and is working with manufacturers to fix them before making a report public to highlight the severity of the problem.
Jacoby is not detailing the brands and models of the devices he hacked yet until the manufacturers have installed fixes. But the worst offenders, he says, were two network-attached storage devices, which between them had 14 vulnerabilities. One of them was particularly easy to wrest remote control of because it had a default administrator password that was just the character “1.”
The storage devices fetch software updates from their manufacturer over the Internet. But Jacoby showed that feature could be exploited by someone outside his home to connect to any other device on his home network, including his laptop.
Jacoby also found that his smart TV didn’t use encryption when connecting to the Internet, meaning an attacker could intercept data such as payments being made to buy a movie. And his router had a vulnerability that could be used to make contact with any device on his home network.
A preliminary report on Jacoby’s domestic hacking spree can be found here. A fuller report naming the vendors should be forthcoming.
There is currently little evidence that many criminals or tech-savvy pranksters are stalking the Internet with a view to exploiting such flaws. But Marc Rogers, principal security researcher with mobile security company Lookout, says that this is likely to change as connected devices become more pervasive.
“Dealing with the privacy and security aspects of the Internet of things is going to be one of the biggest challenges we have faced in security for a long time,” he says. “We are wearing it and installing it throughout our living spaces and other places where technology has not usually had the opportunity to go.”
Rogers says that many of the features of security software standard on traditional computing devices, such as laptops and smartphones, could also defend these newer devices. However, so far those techniques aren’t being used on the new wave of networked home devices, says Jacoby. “Nobody is doing anything at all about them.”
The best solution for many devices would be to not give them the ability to connect to the Internet at all, he says.
Such restraint seems unlikely, with manufacturers seeing Internet connectivity as a way to differentiate their products. Cisco recently estimated that today there are 10 billion connected devices in homes and offices and that the figure will reach 50 billion by 2020.
Keep Reading
Most Popular
This new data poisoning tool lets artists fight back against generative AI
The tool, called Nightshade, messes up training data in ways that could cause serious damage to image-generating AI models.
The Biggest Questions: What is death?
New neuroscience is challenging our understanding of the dying process—bringing opportunities for the living.
Rogue superintelligence and merging with machines: Inside the mind of OpenAI’s chief scientist
An exclusive conversation with Ilya Sutskever on his fears for the future of AI and why they’ve made him change the focus of his life’s work.
How to fix the internet
If we want online discourse to improve, we need to move beyond the big platforms.
Stay connected
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.