You are here: Home - Household Bills - News -

Smart homes at risk of hacking attacks

Written by: Emma Lunn
A home filled with smart devices could be exposed to more than 12,000 hacking or unknown scanning attacks in a single week, according to Which?

UK households now have more than 10 different connected devices, on average, from televisions to thermostats. While these products can bring huge benefits and convenience for consumers, as homes become more ‘smart’ they can become more of a potential target for hackers.

Which? set up a fake home and filled it with connected products bought from online marketplaces, ranging from smart TVs, printers and wireless security cameras, to more unusual gadgets such as Wi-Fi kettles. Researchers then connected them to the internet, exposing them to online threats and malware created by real cybercriminals.

Working with cyber security specialists NCC Group and the Global Cyber Alliance, Which? looked for unique scanning attempts – a technique used to locate online devices that exists in a legal grey area and is a potential gateway used by hackers – and hacking attempts, which are a clear breach of the Computer Misuse Act.

The research team saw 1,017 unique scans or hacking attempts coming from all around the world in just the first week of testing, with at least 66 of these being for malicious purposes.

That figure rose to 12,807 unique scans or attack attempts against the home devices in the busiest week, including 2,435 specific attempts to maliciously log into the devices with a weak default username and password.

Most of the time, the basic security protections in the devices were able to block the attacks, but that was not always the case.

The most targeted devices in the testing were an Epson printer, an ieGeek branded wireless camera and a Yale smart home security system. All three devices were purchased from Amazon.

The ieGeek camera was easily hacked and compromised, allowing a genuine suspected hacker to access the video feed and spy on the testers.

All real attacks against the printer and security system failed because they had reasonably strong default passwords in place. But this doesn’t mean they are unhackable, just that they have basic protections against the most common bulk attacks that plague smart homes.

The most common reason to hack smart devices is to create botnets such as Mirai, which probe for new unsecure devices, such as routers, wireless cameras and connected printers coming online before forcing their way past weak default passwords. From there, the parasite can be used as a powerful hacking tool, such as in 2016 when it knocked Twitter, Amazon and other leading websites temporarily offline.

Based on Which?’s experiment, nearly all (97%) attacks against smart devices are to add them into the sprawling Mirai botnet. The hacking traffic came from around the world, but the vast majority appeared to originate from the US, India, Russia, the Netherlands and China.

Which? found spikes of activity during the 9am to 6pm period of the typical UK working day. This suggests that criminals know this is when people will be using their devices, potentially for work during the pandemic, and so they have more chance of hitting a target.

While not all scanning activity is malicious, and some is even semi-legitimate, malicious hackers use port scanning to find weak and vulnerable devices to prey upon.

Which? believes it is vital that the government pushes forward with plans for legislation to require connected devices to meet certain security standards and ensure this is backed by strong enforcement.

The Product Security and Telecommunications Infrastructure Bill, expected to be introduced in 2022, aims to regulate insecure connected products. Among its provisions is that default passwords on connected products, such as ‘admin’ or ‘123456’, will be made illegal.

The consumer champion also wants to see online marketplaces and retailers given additional obligations for ensuring the safety and security of the products sold on their sites, regardless of whether the seller is a third party.

Kate Bevan, Which? Computing editor, said: “While smart home gadgets and devices can bring huge benefits to our daily lives, consumers should be aware that some of these appliances are vulnerable to hackers and offer little or no security.

“There are a number of steps people can take to better protect their home, but hackers are growing increasingly sophisticated. Proposed new government laws to tackle devices with poor security can’t come soon enough – and must be backed by strong enforcement.”

There are 0 Comment(s)

If you wish to comment without signing in, click your cursor in the top box and tick the 'Sign in as a guest' box at the bottom.

The savings accounts paying the most interest

It’s time to get your finances in shape, and moving your cash savings to a higher paying deal is a good plac...

Everything you need to know about being furloughed

Few people had heard of ‘furlough’ before March 2020, but the coronavirus pandemic thrust the idea of bein...

The experts’ guide to sorting out your personal finances in 2021

From opting to ‘low spend’ months to imposing your own ‘cooling-off period’, industry experts reveal t...

What will happen if rates change

How your finances will be impacted by a rise in interest rates.

Regular Savings Calculator

Small regular contributions can build up nicely over time.

Online Savings Calculator

Work out how your online savings can build over time.

Having a baby and your finances: seven top tips

We’re guessing the Duchess of Cambridge won’t be fretting about maternity pay or whether she’ll still be...

Protecting family wealth: 10 tips for cutting inheritance tax

Inheritance tax - sometimes known as 'death tax' - can cause even more heartache for bereaved families. But th...

Travel insurance: Five tips to ensure a successful claim

Ahead of your summer holiday, it’s important to make sure you have the right level of travel cover or you co...

Money Tips of the Week