SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
IoT Vulnerability: How to protect your smart home from security threats
Tue, 24th May 2016
FYI, this story is more than a year old

Vulnerability of IoT devices has been a trending topic for quite a while. With more than 13 billion connected devices in the world and more than 5 million new devices being connected to the Internet each day, the amount of data smart fridges, thermostats, home security systems, etc. collect and send online is just amazing.

Unfortunately, not all of the information sent online from your house controllers to your smartphone travels encrypted. Very often, the creators of smart gadgets are small startups, and they don't have resources or knowledge to build out sophisticated security. This might leave you wide open to a cyber attack. Hackers can get access to your IoT devices, install malware on it and eavesdrop your sensitive information. Malicious software can lurk unnoticed for months and even years on your devices. Updates and patches usually fix vulnerabilities that cause data leaks. But, as launching software updates for all these smart house helpers is quite a tricky task for small developers, your geo-location, video footage, audio files, pictures and tons of other sensitive information is at risk.

For example, recent research conducted by CITP-affiliated Ph.D. student Sarthak Grover and postdoctoral research fellow Roya Ensafi revealed that the Sharx security camera transmits video over unencrypted FTP and the Ubi uses unencrypted HTTP to communicate information to its portal, including voice chats, sensor readings like sound, temperature, light and more.

Big companies sometimes fail to protect their customer's information too. Just about half a year ago researchers found a weakness in Samsung smart fridges. Hackers who managed to jump on to the same network as this Internet-connected device, could steal Google login credentials from their neighbours. Even your child's toys are not safe. Back in 2015 the developer behind InnoTab tablet said hackers stole the personal information from more than 6 million children.

Such security holes mean adversaries can find out whether you are at home or not, locate your house, perform a man-in-the-middle attack and change settings on your gadgets to learn more about you. Of course, you can turn off your Wi-Fi or unlink some devices from your home network, but then what's the point of buying all these controllers and robotic stuff?

IoT is making our lives easier. Thanks to home automation we can spend time on more pleasant things than ordering pet supplies or trash bags. Amazon Dash Button will do it for you. Smart controllers, like Knocki, can turn on the lights and heat, help you to find your smartphone and control smart locks. Isn't it great? Just a few precautionary steps can minimise the risks of becoming a victim of cyber attackers.


1. Make sure to protect your home Wi-Fi network with a security and encryption tool. VPN would be a good solution for this purpose. It will change your IP and encrypt all the incoming and outgoing traffic, which means hackers won't be able to identify the data from your devices.



2. Always try to keep the software of your gadgets updated. As mentioned above, when found, developers fix holes and bugs in newer software versions.



3. Read carefully what information your gadgets can access. Thermostats might need to locate your home and nearest weather station. Do make sure this information cannot be eavesdropped by criminals.