Your Smart Home is Vulnerable to Cyber Attacks

[harlan4096]

Here is how you can secure it against malicious hackers

Smart devices have started to find a place in our homes for quite some time now, and it’s safe to say they’ve already become a mainstream technology. In fact, 14.2 billion connected devices will be used in 2019, and by 2021, the total number will reach 25 billion, according to Gartner. All of them are part of the huge network of Internet of Things (IoT).

Everything from lightbulbs, thermostats, and doorbells, to dishwashers and even your front door locking system, can now be designed as a smart device connected to the Internet. As we gradually transition to a future where all devices can potentially be interconnected, we must be prepared to embrace their advantages but also to be able to face the risks.

Unlike “standard” computer hacking, overriding IoT devices could result in physical damage and threaten your life. Not only that, but IoT hacks can also expose your personal data.

I know that controlling the devices from your house using your smartphone can be extremely convenient. Yet, there have been many reported cases of hacked devices. Paradoxically, gadgets that are supposed to keep you safe and make your life easier could put you in danger.

A single lightbulb could give hackers full access to your Wi-Fi credentials

Here’s how a hacker, who goes under the name LimitedResults, managed to hack a lightbulb from LIFX, a company that produces Wi-Fi connected smart lights. The hacker was able to extract the owner’s Wi-Fi login and password, among other data, in under an hour.

The light bulb can be controlled through a smartphone app and according to LimitedResults, the weak (or nonexistent) security measures on the lightbulb itself at that time made it possible for the device to be accessed.

The hacker bought one of these lightbulbs on Amazon and used a handsaw to open it and get access to its main chip. Then, the lightbulb’s chip was connected to another chip that allowed access to the bulb’s hardware using a USB port.

The Wi-Fi user and password were stored in plain text in the lightbulb’s memory, and the hacker was also able to extract the encryption key. It also seems the gadget did not have any security measures in place, meaning that anybody could control the device and write data to its memory.

LIFX was informed about these vulnerabilities and they claimed they had them fixed.

Things can get much worse

The case I’ve shown above is just a mere example of what an attacker could do, but things can get much more serious than that.

One of the worst IoT attacks in history was recorded back in October of 2016, when the company Dyn that controls much of the world’s DNS infrastructure, was hit by the Mirai botnet. Many websites, including Twitter, the Guardian, Netflix, Reddit, CNN, and many others were taken down.

Mirai is different from other botnets, which are normally comprised of computers. Mirai is mostly made up of IoT Devices, such as digital cameras and DVR players.

How did this attack work? After a computer got infected with Mirai, it continuously searched the internet for vulnerable IoT devices and used default usernames and passwords to log in, infecting them with malware. In the October 2016 attack, it was estimated that 100,000 endpoints were affected.

Continue Reading