Smart homes – Your security death trap
- 23 May, 2019 08:00
This is not the first time I have written about smart technologies and the risks that they can pose but I wanted to narrow the view a little with this particular piece and focus specifically on smart home technology and some risks they pose to you and your families that you may not have considered but really should. Don’t get me wrong I am as intrigued by smart technologies as probably many of you are and what benefits they can bring to our lives, but I just don’t know if the benefits outweigh the risks.
Let’s break these smart home technology devices/functions down into a couple of different areas and then review each for the possible risks you should know about. The first is the smart locks, home security monitoring systems, then we have systems like the smart fridges, freezers or random cooking devices or coffee machines (some of these are just loopy but they exist). Lastly, we can then look at smart speakers, home hubs, child monitoring devices (the risks with these really concern me – so I might start with this one first).
Smart speakers are something that is spreading into homes almost as fast as the first iPhones spread into our hands when they first appeared in our lives back in June 2007, I wasn’t a big fan when they came out, but they have certainly brought about a big change in how we all use our phones. Smart speakers are actually a pretty cool device and are quite impressive at how well they can follow voice commands and answer questions thrown at them but is it worth playing some music via voice or answering trivia questions to allow them to record all your conversations that are in microphone shot of the devices? Then for the companies who make them review and use the information for their own benefit with absolutely no regard for our privacy.
Just one example of this was with Amazon Echos, with more than 100 million of them sold by the start of this year (2019) worldwide, wow that is a massive number. It was revealed that Amazon employs thousands of staff around the world to listen to recordings captured unknowingly by echos of its owners at homes and offices. That certainly sounds a little stalkerish, unethical to me and a massive breach of consumer trust by Amazon. Amazon says its to help the AI function better respond to commands, but I think there is probably more to it than what they are telling us, but it will be forgotten, and nothing will be said about it again until the next time one of these massive companies does something like this again (Oh and did I mention that they haven’t stopped doing this either, this is still an ongoing practice).
Smart baby or child monitors now this is truly an area that concerns me, this is our children that are watched and listened to by these devices. These devices are put in our children's rooms by parents and then connected to wifi, so they can access them via an app on their smartphones through the internet and interact remotely with their children, no security setup on many of the devices and parents installing them on many occasions don't even change the default login information. This is a huge risk to your security, personal privacy and possibly your children's lives if these devices are accessed via a malicious actor. Don't believe me? Take a look at this case with the Nest baby monitor a malicious actor threatened a mom that they would kidnap their baby, that would be a bit concerning to a parent don’t you think.
It doesn't end with baby monitors though what about smart toys like those reactive toy dinosaurs or stuffed toys that we all see in the toy stores these days that interact with our children. They are connected to wifi in many cases (they say it is for updates, but I don’t think that is the end of it for some) and they can be accessed via an app on a parents or child’s devices to control or customise these devices. They can also be used by malicious actors to listen in on children or their families and who knows what else. Please, if you must use these devices in your homes at least change the default login information and if you don't know how to do it please ask someone who can help. Seriously this is our children's safety you are talking about here, don’t just fob it off and say it will be fine. Trust me it won't be fine, secure these devices, please.
Now I want to be clear here I have barely scratched the surface of what is capable by malicious actors with these children/baby devices but if they are capable of activity such as above with let's be honest here pretty dumb devices what do you think they could do with your smart speakers or let's say you’re smart fridge? I did a previous topic of “Hacked via a fridge” I think that clearly describes how bad it could really get with those types of appliances. I personally like the fact that not only could malicious actors use your device to hack the network, but they could be super nice and order you 500 bottles of milk or 100 boxes of Magnum ice creams just to make sure you don’t run out. That’s pretty nice of them don’t you think.
Do you really know what information your coffee machine collects about you and what it sends back to the manufacturer? Honestly, do we really need to make our lives more insecure by making smart kettles or toasters, come on people we don't need that type of connectivity in dumb devices like these, it's just idiotic! What could be the benefit, it could tell me I haven’t got enough water or maybe I put a bit too much in? Just use your eyes and your brains its what they are for.
Okay, so you have played around with the smart speakers, smart tv’s and you have a fridge that orders your groceries for you, so you thought let’s go the full hog and fit out our house with smart locks, lights, garage doors and security monitoring systems (I can only see this ending badly). So, I get people love to have things automated and have it so that if you want to check that your garage doors are closed when you get to work when you just have that niggling feeling that you left them open. The ability to remotely close them or open them if you get a delivery and you discuss the placement of these with the delivery person via your connected doorbell. Yeah, I get it, it’s a cool feature and could come in handy.
Maybe it would be great to be able to view your security camera's via your phone and turn off the alarm as well as unlock the door to allow a tradie to come in and fix your washing machine or toilet or whatever it is that has notified you via the smart function that it has a malfunction but stop here for a moment and think about what I just said. Just so we are on the same page here I am going to create an imaginary scenario for you.
Let’s say you have a smart home that is connected to basically all of the above and you post on social media that you are having a super awesome holiday in the Canadian alps (seems like as good a place as any) and a malicious actor who has been watching your profile for a few weeks now and already has broken into all of your accounts online (it wasn't hard you use the same password for them all including the social media which was involved in a breach last year – you should have changed it by now and not used the same one for everything). They already know your address and as they have access to all of your accounts they rock up to your house in the middle of the day and turn your security systems off (so you can't see them on the recordings), then they unlock your smart locks and walk right in and help themselves to all of your fancy new smart devices.
All these fancy smart devices in your home don't quite seem as smart now do they? No, they don't. That is just one type of scenario that these devices could be used against you, a stalker type situation could use these devices to watch what you and your family do at all times, track your locations with smartwatches or phones. The list really does just go on and on. My mind runs wild with scenarios in which I could take advantage of these devices to gain access to systems I am not supposed to, and I am one of the good guys, so I am sure you could imagine what sort of scenarios that a malicious actor could concoct with such a plethora of unsecured devices to manipulate.
Okay so I may be being a bit dramatic, but these threats are real, and you need to ensure that you take all the necessary measures to protect yourself and your families if you don't know how please find someone to help you do this. Even if it costs you some money to ensure you are secure it will be definitely worth the investment. You can't put a price on our children’s safety, so go do something about it today and stop putting it off.