Each day we own more stuff, both in and outside of our homes, that are connected to the internet and communicating with the whole world. Should we be scared? What can we do to protect ourselves? Home security in the 21st century has more doors than just the front one.
A new door into your home
There are a lot of ways to get inside home, if criminals set their mind to it. From security doors to windows, and sometimes even the walls, all can be broken into one way or another. No lock is perfect. They all have a point or a system that can open them. It's the same thing with the internet. If the door isn't any good, making breaking and entering to pillage and loot an easy task.
Any door could be a back door.
Nowadays, there are a lot of household appliances that can connect to the internet. It's odd for someone not to own a Smart TV or such things as a refrigerator that knows what's missing and orders it online all by itself. The industry has filled our homes with an infinite supply of devices that we can control through the internet, from anywhere the world. This is called, the Internet of Things (IoT). It's incredible but, quoting Uncle Ben, "with great power comes great responsibility".
Security in the physical world is something we've been able to tackle quite successfully, now ingrained in our minds as common sense. That being said, the same can't be said for online security. You obviously wouldn't leave your bike on the street without locking it up, but you might not change the default password on your home router, certain that no one would steal it. This is just a question of education in technology and a lot of work must be done here to help people better protect themselves. But where there is a will, there is a way.
In the IoT market, there are devices available that are ready to go straight out of the box, also knows an "plug and play". DIY, on the other hand, has also become very fashionable. From Raspberry Pi (or Raspi) to security cameras, everything connects to the internet, though the risks may differ between all types of devices.
When buying a finished product that can connect to the internet, we depend on the manufacturer's software for security and we shouldn't have to worry about updating it as soon as it becomes available, like we do with smartphones.
If you're a DIYer, then you'll have to worry about more than just regularly updating your software. If, for example, you own a Raspi to remotely access you hard drive, you can easily open the back door yourself if you don't think about all the security measures required.
The home hack
IoT devices connect to the internet and can be accessed by anyone. In Shodan (a device search engine), we can search for any IoT device, including specifically looking for ones with vulnerabilities. This gives us a better idea of the accessibility of these devices, for us and for anyone else who's looking.
Therefore, we need to worry about the security of the devices we buy and connect in our homes. This will greatly depend on the device manufacturer's level of technical maturity.
A few examples of things being hacked
In the last few years, we've connected everything to the internet. Currently, there are more than seven billion connected devices and many more, which can connect to Wi-Fi, Bluetooth, NFC, etc. The connections made by these devices are the doors to exploit the vulnerabilities in their software and take control.
On October 21, 2016, Dyn, the biggest DNS provider in the world, suffered a DDoS attack (distributed denial of service) from a botnet made of millions of IoT devices. Meaning, every one of those millions of devices wanted to get onto Dyn’s web pages, collapsing its servers and leaving businesses like Twitter, GitHub, PayPal, Amazon, Reddit, Netflix, and Spotify without service.
We saw another example of an IoT device hack a few weeks later in one of Oracle's offices. Thanks to a drone, they were able to send signals to a series of smart bombs to repeat S.O.S. in Morse code.
Security cameras connected to the internet may not always be as secure as they should be. In 2014, some 73,000 security cameras throughout the world were hacked and some of the photos they'd taken were made public. Recently, we also read a headline that it only took 98 seconds to hack a $55, low cost security camera.
8/x: Actually, it took 98 seconds for first infection pic.twitter.com/EDdOZaEs0V— Rob Graham (@ErrataRob) 18 de noviembre de 2016
I'm sure this hack will sound a bit more familiar though. Back in 2014, a team of engineers specialized in information security (actual hackers), were able to take control of a Jeep while it was driving down a highway. Jeep's reaction was slow and awkward. It took months to update their cars and it could only be done through one workshop. This was a technology maturity fail by Jeep.
How to protect yourself from home hacking
There are hundreds of businesses out there that worry about the security of the Internet of Things, such as Cisco and Google. But it's obvious, those things that can be hacked, will be hacked. So, we're going to leave you with a few pieces of advice to help you keep an eye on the security of your IoT devices and any device that connects to the Internet for that matter (including smartphones).
- Before you buy, make sure the manufacturer can handle a quick patch of its vulnerabilities
- Change default usernames and passwords. This is fundamental, even if you don't feel like it
- Deactivate the Universal Plug-and-Play (UPnP), which directly creates a security hole in your router’s connections
- On your router, deactivate the Remote Management Protocol, especially if it's through Telnet, which is often an infection route for Mirai malware.
- Keep the software on your devices updated and patched
- As an extra option, you can buy a firewall device, which could avoid attacks
Do you have any IoT devices in your house? Do you know if they're already part of a botnet? Let us know what you think about this topic in the comments below.