Smart home devices attract hackers in their first five minutes online
Within five minutes of a smart device going online, hackers will try to gain access by using well-known factory setting passwords and usernames. Even devices that have been updated, where a buyer sets up new credentials immediately, may be hacked because of security vulnerabilities built into the security camera, virtual assistant, thermostat or other product.
NetScout, a cybersecurity firm, tracked attempted attacks on its own honeypots—digital lures set up to attract hackers. According to its new report, "IoT Exploits: Around the World in 120 Days," the company saw attacks double in size between December 2018 and January 2019—up 218 percent.
"Alarmingly, users now have less than 5 minutes from the point of installation to change the factory settings of their Internet-connected cameras, virtual assistants, thermostats, door entry systems, and other digital equipment before they are probed to see if access is possible using default passwords and in just hours those devices are probed for known security flaws," said Matt Bing, NetScout's senior security analyst.
Read More:
- Is our smart home growing more vulnerable to hacks?
- Nest security camera hack told family misses were on their way
- Pepper IoT wants to scrub security problems from smart devices
Some of the so-called vulnerabilities, the weak points on a device that could allow a hacker to gain control, are not even new, with one known nearly four years ago, stated NetScout. The most popular attack over the past four months came from an exploit that was publicly known in April 2015, and is connected to attacks from the Satori and JenX botnets, the company said on its blog. Most of the malware was actually "a Mirai variant," they said.
Hacking attempts
While hacks can be as widespread as the Mirai virus, which turned smart devices infected with its code into a zombie botnet army, they can also be done to single devices. Consider the attack on a single fish tank's thermostat in a Las Vegas casino that helped hackers gain access to a wider online network in 2018. Or the Nest security camera hack that sent one Californian family into a panic when they were told a missile attack was on its way. (It wasn't.)
NetScout believes that even if buyers take all the best steps — changing passwords, for example — they really can't bear the burden of trying to stop hackers, a sentiment other cybersecurity experts have echoed in the past.
While changing default passwords is always a good idea, smart devices and apps can contain security flaws and back doors that make it difficult for the basic consumer to completely lock down their connected products.
One reason smart home brands may need to work together is that, in addition to updating and testing their own software regularly and educating their consumers on best security practices, they may also need to work together to keep their products doing what they're designed to do and not be an open door for hackers.