You are here: Home - Household Bills - News -

Smart homes at risk of hacking attacks

Written by: Emma Lunn
A home filled with smart devices could be exposed to more than 12,000 hacking or unknown scanning attacks in a single week, according to Which?

UK households now have more than 10 different connected devices, on average, from televisions to thermostats. While these products can bring huge benefits and convenience for consumers, as homes become more ‘smart’ they can become more of a potential target for hackers.

Which? set up a fake home and filled it with connected products bought from online marketplaces, ranging from smart TVs, printers and wireless security cameras, to more unusual gadgets such as Wi-Fi kettles. Researchers then connected them to the internet, exposing them to online threats and malware created by real cybercriminals.

Working with cyber security specialists NCC Group and the Global Cyber Alliance, Which? looked for unique scanning attempts – a technique used to locate online devices that exists in a legal grey area and is a potential gateway used by hackers – and hacking attempts, which are a clear breach of the Computer Misuse Act.

The research team saw 1,017 unique scans or hacking attempts coming from all around the world in just the first week of testing, with at least 66 of these being for malicious purposes.

That figure rose to 12,807 unique scans or attack attempts against the home devices in the busiest week, including 2,435 specific attempts to maliciously log into the devices with a weak default username and password.

Most of the time, the basic security protections in the devices were able to block the attacks, but that was not always the case.

The most targeted devices in the testing were an Epson printer, an ieGeek branded wireless camera and a Yale smart home security system. All three devices were purchased from Amazon.

The ieGeek camera was easily hacked and compromised, allowing a genuine suspected hacker to access the video feed and spy on the testers.

All real attacks against the printer and security system failed because they had reasonably strong default passwords in place. But this doesn’t mean they are unhackable, just that they have basic protections against the most common bulk attacks that plague smart homes.

The most common reason to hack smart devices is to create botnets such as Mirai, which probe for new unsecure devices, such as routers, wireless cameras and connected printers coming online before forcing their way past weak default passwords. From there, the parasite can be used as a powerful hacking tool, such as in 2016 when it knocked Twitter, Amazon and other leading websites temporarily offline.

Based on Which?’s experiment, nearly all (97%) attacks against smart devices are to add them into the sprawling Mirai botnet. The hacking traffic came from around the world, but the vast majority appeared to originate from the US, India, Russia, the Netherlands and China.

Which? found spikes of activity during the 9am to 6pm period of the typical UK working day. This suggests that criminals know this is when people will be using their devices, potentially for work during the pandemic, and so they have more chance of hitting a target.

While not all scanning activity is malicious, and some is even semi-legitimate, malicious hackers use port scanning to find weak and vulnerable devices to prey upon.

Which? believes it is vital that the government pushes forward with plans for legislation to require connected devices to meet certain security standards and ensure this is backed by strong enforcement.

The Product Security and Telecommunications Infrastructure Bill, expected to be introduced in 2022, aims to regulate insecure connected products. Among its provisions is that default passwords on connected products, such as ‘admin’ or ‘123456’, will be made illegal.

The consumer champion also wants to see online marketplaces and retailers given additional obligations for ensuring the safety and security of the products sold on their sites, regardless of whether the seller is a third party.

Kate Bevan, Which? Computing editor, said: “While smart home gadgets and devices can bring huge benefits to our daily lives, consumers should be aware that some of these appliances are vulnerable to hackers and offer little or no security.

“There are a number of steps people can take to better protect their home, but hackers are growing increasingly sophisticated. Proposed new government laws to tackle devices with poor security can’t come soon enough – and must be backed by strong enforcement.”

There are 0 Comment(s)

If you wish to comment without signing in, click your cursor in the top box and tick the 'Sign in as a guest' box at the bottom.

Everything you wanted to know about ISAs…but were afraid to ask

The new tax year is less than a fortnight away and for ISA savers or investors, it’s hugely important. If yo...

Your right to a refund if travel is affected by train strikes

There have been a wave of train strikes in the past six months, and for anyone travelling today Friday 3 Febru...

Could you save money with a social broadband tariff?

Two-thirds of low-income households are unaware they could be saving on broadband, according to Uswitch.

What will happen if rates change

How your finances will be impacted by a rise in interest rates.

Regular Savings Calculator

Small regular contributions can build up nicely over time.

Online Savings Calculator

Work out how your online savings can build over time.

DIY investors: 10 common mistakes to avoid

For those without the help and experience of an adviser, here are 10 common DIY investor mistakes to avoid.

Mortgage down-valuations: Tips to avoid pulling out of a house sale

Down-valuations are on the rise. So, what does it mean for home buyers, and what can you do?

Five tips for surviving a bear market mauling

The S&P 500 has slipped into bear market territory and for UK investors, the FTSE 250 is also on the edge. Her...

Money Tips of the Week