Danger of ‘smart’ home devices like doorbells and thermostats


‘Digital burglaries’ where hackers virtually enter households via smart doorbells and webcams to snoop and steal are becoming more common, experts have warned. 

Everything from thermostats to webcams, speakers and doorbells provides a way for cyber criminals to spy on families and steal data and money.

Experts told DailyMail.com that hackers regard the devices as easy prey, and use them for everything from theft to stalking to screaming abuse at victims through their own doorbells. 

Research by eMarketer suggests that up to 60 million households in America have at least one smart device installed. 

Devices such as smart doorbells and webcams can let hackers ‘see into’ your house – or even speak to you (Shutterstock) 

Older, cheaper devices from China pose particular problems, says Marijus Briedis, CTO at NordVPN. 

Briedis says: ‘Devices linked to a camera like a video doorbell might let you know when a visitor is there, but, if someone else is watching, it could also reveal when the house is empty, or when children are home alone.’

A search engine, Shodan, allows hackers and cybersecurity experts to find vulnerable cameras (which have a default password enabled, for example) and ‘see through’ the unprotected devices.

It enables users to ‘see’ inside offices, homes and gardens around the world through unsecured webcams.

Previously, cybersecurity researchers have shown Shodan working to find insecure baby monitors, allowing attackers to ‘see’ directly inside bedrooms and cots.

Hackers can also use smart devices to gain a ‘foothold,’ stealing information such as email addresses which can then enable theft, fraud or phishing attacks, Briedis warns.

‘With most IoT devices linked to a household’s Wi-Fi connection 24/7, they can be the perfect “back door” for bad actors searching for a way to access your home network.’

A class-action lawsuit against Amazon alleges that hackers were able to breach Ring doorbells and scream abuse or say sinister things to households (Image: Shutterstock)


Key tips to keep your family safe 

Smart doorbells can put you at risk of hackers


Smart devices are notoriously insecure (compared to gadgets such as phones and PCs), but there are several steps you can take to make your home safer.

Matthew Gribben, a former cyber security expert with British intelligence, security and cyber agency GCHQ, offers five tips on how to ensure your smart devices aren’t giving away information to hackers.

Change the default logins

Gribben says, ‘Always change the default login details on any device you install (this includes your home broadband router by the way).’

Using a default password and username such as ‘admin’ or ‘root’ can offer hackers an easy ‘way in’ to devices such as webcams.

Be careful when buying second-hand

If you buy webcams, smart speakers or any other smart device, be careful, Gribben warns.

Gribben says, ‘If you buy a used device, make sure it’s properly factory reset. If you don’t, then there is the potential for the previous owner of the device to retain some level of access!’

Use two-factor authentication

For any device which has cloud-based systems for storing images, it’s extremely important to enable two-factor authentication (i.e. via an app or a text message), Gribben says.

Gribben says, ‘Always enable 2-factor / 2-step authentication when it’s available. This is where you use some additional method to authenticate and not just a password, for example, an SMS confirmation code or a mobile app such as Microsoft Authenticator.’

Apply software updates

It’s easy to forget to update software on smart devices (although connected devices from bigger players such as Google and Amazon will mostly update themselves).

If you’re using webcams and similar devices, it’s worth checking whether there are available updates, Gribben advises.

He says, ‘These often fix security issues that hackers will attempt to exploit.’

 

Hacking a device like a smart speaker might reveal details of a Spotify account for example – enabling cybercriminals to build up information that could be used for identity theft.

Criminals could take email addresses, passwords, and physical addresses, for example, and use this to commit bank fraud or take out loans in a person’s name.  

Briedis said: ‘Once a hacker has gained access to a network-enabled smart device, they can either simply stop it from working, or use it as a foothold to wreak havoc on the rest of the network, interfering with communications, planting harmful malware or even taking over other devices too.’

Older smart home devices are most at risk, Briedis warned, notably cheaper no-brand devices – where users fail to change default usernames such as ‘admin’, ‘guest’ or ‘root’ and default passwords such as ‘12345’.

NordVPN’s research showed that 64.9 percent of consumers don’t change such passwords, he said.

Hackers also target big brands such as Amazon and Google.

‘In 2020, dozens of Amazon Rings [security devices] were hacked, resulting in a lawsuit against the company,’ he said.

The claimants in the class-action lawsuit allege that hackers could speak to them through their devices, with one being asked, ‘What are you watching’ as he watched TV.

Another says that an unknown attacker urged his children to approach the camera.

Hackers reportedly screamed obscenities at users and threatened murder.

Briedis says, ‘Last year, researchers showed a way Amazon’s voice-activated Echo devices could be programmed to hack themselves by making it play malicious commands through its own speakers. Although it is now fixed, this glitch allowed the Echo to be exploited so it could control other devices in the home, including security systems.’

Smart devices are also widely used to ‘spy’ on partners in domestic abuse cases, warns Matthew Gribben, a former cybersecurity expert with British intelligence, security and cyber agency GCHQ.

Gribben says, ‘There have been some examples of smart tech being misused in order to enable domestic abuse, by spying or intimidating former partners by retaining access to their smart devices.’

Devices and apps which are built for innocent purposes (such as tracking children) can also be misused by hackers, Gribben says.

He said, ‘You can even get caught out whilst trying to protect your family. For example, a few years ago it was demonstrated that certain smart watches, aimed at keeping children safe, could actually be accessed remotely by attackers.’

Gribben says that hackers don’t even need advanced skills to access many smart home devices, thanks to search engines such as Shodan. 

He says, ‘It is relatively simple for an attacker to log in to an internet connected device such as a security camera and spy on you in your own home. 

‘This is far more common with cheaper products, in particular smart CCTV camera systems and doorbells.’

Gribben says, ‘The mainstream smart device brands are far from immune to these issues, for example certain older Swann CCTV systems have been shown to have major security issues.’ 

Security problems are far more common with cheaper brands and older equipment, particularly equipment sourced from China (Shutterstock)
