A number of internet-connected home gadgets can be hacked in minutes using a simple Google search.
‘Smart’ baby monitors, security cameras and thermostats were accessed by cyber security researchers who tracked down their access passwords online.
They said that the ease with which criminals or paedophiles can take control of devices in the home is ‘truly frightening’.
A number of internet-connected home gadgets can be hacked in minutes using a simple Google search. ‘Smart’ baby monitors, security cameras and thermostats were accessed by cyber security researchers by tracking down their passwords online (stock image)
Experts at Ben-Gurion University of the Negev, Israel, examined off-the-shelf internet of things (IoT) devices and quickly uncovered a number of serious security issues.
The IoT is a broad category that refers to devices or sensors that connect, communicate or transmit information over the web.
Sixteen popular brands of IoT connected hardware devices were tested in total.
‘Using these devices in our lab, we were able to play loud music through a baby monitor, turn off a thermostat and turn on a camera remotely, much to the concern of our researchers who themselves use these products,’ study lead Dr Yossi Oren said.
‘It is truly frightening how easily a criminal, voyeur or pedophile can take over these devices.’
The team discovered that similar products under different brands often share the same common default passwords.
Consumers and businesses rarely change these passwords when purchased and they could be infected with malicious code for years without them realising.
Researchers examined off-the-shelf IoT devices, including smart baby monitors (stock image), and quickly uncovered a number of serious security issues. They said the ease with which criminals or pedophiles can take control of devices in the home is ‘truly frightening’
WHICH SMART HOUSEHOLD GADGETS ARE VULNERABLE TO CYBER ATTACKS?
From devices that order our groceries to smart toys that speak to our children, high-tech home gadgets are no longer the stuff of science fiction.
But even as they transform our lives, they put families at risk from criminal hackers taking advantage of security flaws to gain virtual access to homes.
A June 2017 study tested whether popular smart gadgets and appliances, including wireless cameras, a smart padlock and a children’s Bluetooth toy, could stand up to a possible hack.
The survey of 15 devices found that eight were vulnerable to hacking via the internet, Wi-Fi or Bluetooth connections.
Scary: Which? said ethical hackers broke into the CloudPets toy and made it play its own voice messages. They said any stranger could use the method to speak to children from outside
The test found that the Fredi Megapix home CCTV camera system operated over the internet using a default administrator account without a password, and Which? found thousands of similar cameras available for anyone to watch the live feed over the internet.
The watchdog said that a hacker could even pan and tilt the cameras to monitor activity in the house.
SureCloud hacked the CloudPets stuffed toy, which allows family and friends to send messages to a child via Bluetooth and made it play its own voice messages.
Which? said it contacted the manufacturers of eight affected products to alert them to flaws as part of the investigation, with the majority updating their software and security.
The team was also able to logon to entire Wi-fi networks simply by retrieving the password stored in a device to gain network access.
‘It only took 30 minutes to find passwords for most of the devices and some of them were found only through a Google search of the brand,’ study co-author Omer Shwartz said.
Manufacturers of so-called IoT products – which include physical devices, vehicles, home appliances and other items that connect and exchange data – rarely protect them from simple cyber attacks, researchers said.
Mr Shwartz added: ‘Once hackers can access an IoT device, like a camera, they can create an entire network of these camera models controlled remotely.’
Researchers discovered that similar products such as smart thermostats (stock) under different brands share the same common default passwords. Consumers rarely change device passwords when purchased so they could be operating infected with malicious code for years
‘It seems to get IoT products to market at an attractive price is often more important than securing them properly,’ Dr Oren said.
IoT users can protect their home devices by only connecting them to the internet if absolutely necessary and using hard-to-guess passwords.
Consumers should also avoid buying second-hand devices, which may already be infected with malware, and only buy from reputable manufacturers, the team said.
‘We hope our findings will hold manufacturers more accountable and help alert both manufacturers and consumers to the dangers inherent in the widespread use of unsecured IoT devices,’ Yael Mathov, another researcher on the project, said.