We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

Intelligent Machines

Networked Home Gadgets Offer Hackers New Opportunities

Connected appliances such as TVs can provide hackers a way into your house.

Data breaches due to computer security failures are already a major problem.

Connecting a new appliance to your home’s Wi-Fi network or broadband modem could increase the risk that data such as passwords will be taken from computers in your house. Such is the warning from antivirus company Kaspersky Lab in a forthcoming report on the side effects of more and more home devices being connected to the Internet.

By now most consumers are aware that security is a major problem for their laptops and PCs, says David Jacoby, a security researcher at Kaspersky Lab. But they don’t realize that appliances like TVs, DVD players, and printers that connect to a home network are vulnerable to similar threats. What’s more, most such devices have no security protections built in whatsoever, he says (see “Securing the Smart Home, from Toasters to Toilets”). “Consumers need to understand that the devices that they buy might be vulnerable,” says Jacoby.

Jacoby recently hacked several Internet-enabled devices connected to his own home network, including his TV, printer, router, and remote storage devices. He came up with a laundry list of flaws in several everyday products, and is working with manufacturers to fix them before making a report public to highlight the severity of the problem.

Jacoby is not detailing the brands and models of the devices he hacked yet until the manufacturers have installed fixes. But the worst offenders, he says, were two network-attached storage devices, which between them had 14 vulnerabilities. One of them was particularly easy to wrest remote control of because it had a default administrator password that was just the character “1.”

The storage devices fetch software updates from their manufacturer over the Internet. But Jacoby showed that feature could be exploited by someone outside his home to connect to any other device on his home network, including his laptop.

Jacoby also found that his smart TV didn’t use encryption when connecting to the Internet, meaning an attacker could intercept data such as payments being made to buy a movie. And his router had a vulnerability that could be used to make contact with any device on his home network.

A preliminary report on Jacoby’s domestic hacking spree can be found here. A fuller report naming the vendors should be forthcoming.

There is currently little evidence that many criminals or tech-savvy pranksters are stalking the Internet with a view to exploiting such flaws. But Marc Rogers, principal security researcher with mobile security company Lookout, says that this is likely to change as connected devices become more pervasive.

“Dealing with the privacy and security aspects of the Internet of things is going to be one of the biggest challenges we have faced in security for a long time,” he says. “We are wearing it and installing it throughout our living spaces and other places where technology has not usually had the opportunity to go.”

Rogers says that many of the features of security software standard on traditional computing devices, such as laptops and smartphones, could also defend these newer devices. However, so far those techniques aren’t being used on the new wave of networked home devices, says Jacoby. “Nobody is doing anything at all about them.”

The best solution for many devices would be to not give them the ability to connect to the Internet at all, he says.

Such restraint seems unlikely, with manufacturers seeing Internet connectivity as a way to differentiate their products. Cisco recently estimated that today there are 10 billion connected devices in homes and offices and that the figure will reach 50 billion by 2020.

Want to go ad free? No ad blockers needed.

Become an Insider
Already an Insider? Log in.

Uh oh–you've read all of your free articles for this month.

Insider Premium
$179.95/yr US PRICE

More from Intelligent Machines

Artificial intelligence and robots are transforming how we work and live.

Want more award-winning journalism? Subscribe to Insider Plus.
  • Insider Plus {! insider.prices.plus !}*

    {! insider.display.menuOptionsLabel !}

    Everything included in Insider Basic, plus the digital magazine, extensive archive, ad-free web experience, and discounts to partner offerings and MIT Technology Review events.

    See details+

    What's Included

    Unlimited 24/7 access to MIT Technology Review’s website

    The Download: our daily newsletter of what's important in technology and innovation

    Bimonthly print magazine (6 issues per year)

    Bimonthly digital/PDF edition

    Access to the magazine PDF archive—thousands of articles going back to 1899 at your fingertips

    Special interest publications

    Discount to MIT Technology Review events

    Special discounts to select partner offerings

    Ad-free web experience

You've read all of your free articles this month. This is your last free article this month. You've read of free articles this month. or  for unlimited online access.