If you're thinking about filling your house with smart home devices, you may want to reconsider, as a new report from Which? has revealed that smart devices could be exposed to thousands of scanning or hacking attempts in a single week.
To conduct its new investigation, the independent consumer body collaborated with the NCC Group and the Global Cyber Alliance (GCA) to create a fake smart home in May of this year and fill it with a range of smart devices, from televisions to thermostats to smart home security systems and even a smart kettle.
During the first week of testing, Which? observed 1,017 unique scans or hacking attempts originating from all over the world, with at least 66 of them carried out for malicious purposes. During the following month, in the busiest week of testing, there were 12,807 unique scans or attack attempts against the smart devices in the fake smart home.
That week also saw 2,435 specific attempts to maliciously log into Which?'s smart devices using a weak default username and password, such as admin and admin. To put this figure into perspective, there were 14 attempts by hackers to brute force their way into these devices every single hour.
Targeted devices
Of all the devices in Which?'s smart home, an Epson printer was the most attractive to hackers during the months-long testing process. Fortunately, though, the attacks against the device failed because it had reasonably strong default passwords in place.
An ieGeek security camera purchased from Amazon wasn't so lucky. Not long after setting it up, the researchers conducting the experiment detected that someone had accessed the device and its video feed and had even managed to change some of its settings. Following the release of Which?'s report, Amazon removed the camera from sale on its online store.
Which? estimates that 97 percent of all attacks against smart devices are attempts to add them to the Mirai botnet. This sprawling botnet probes for insecure devices and uses brute-force attacks to see if they are secured using weak passwords. If so, Mirai installs a trojan on them and adds them to its botnet.
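Default-credential guessing of this kind is visible in a device's or honeypot's login log. The following is an added example, not code from the Which? report: the log format, the sample lines and every credential pair other than admin/admin are constructed for illustration. It counts default-credential attempts per hour, lists sources that cycle through several default pairs, and reports devices where such a login succeeded.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed list of weak factory-default pairs; only admin/admin is named in the article.
DEFAULT_CREDS = {("admin", "admin"), ("root", "root"), ("admin", "password"), ("user", "user")}

# Constructed sample log: "<ISO timestamp> <source IP> <device> <username> <password> <result>"
# Source addresses are taken from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2021-06-01T10:02:11 203.0.113.7 camera admin admin FAIL
2021-06-01T10:02:13 203.0.113.7 camera root root FAIL
2021-06-01T10:02:15 203.0.113.7 camera admin password FAIL
2021-06-01T10:40:02 198.51.100.23 printer admin admin FAIL
2021-06-01T11:05:44 192.0.2.50 camera owner Xk9!vq2Lm FAIL
2021-06-01T11:06:10 203.0.113.7 camera admin admin OK
malformed line
"""

def parse(log_text):
    """Yield one event dict per well-formed line; skip malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        ts, src, device, user, pw, result = parts
        try:
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue
        yield {"when": when, "src": src, "device": device,
               "cred": (user, pw), "ok": result == "OK"}

def analyse(log_text, min_pairs=2):
    """Summarise default-credential guessing seen in the log."""
    per_hour = Counter()
    pairs_by_src = defaultdict(set)
    compromised = set()
    for ev in parse(log_text):
        if ev["cred"] not in DEFAULT_CREDS:
            continue  # not a default-credential guess
        per_hour[ev["when"].strftime("%Y-%m-%d %H:00")] += 1
        pairs_by_src[ev["src"]].add(ev["cred"])
        if ev["ok"]:
            compromised.add(ev["device"])  # a default login worked: change it now
    sweepers = sorted(s for s, p in pairs_by_src.items() if len(p) >= min_pairs)
    return {"per_hour": dict(per_hour), "sweepers": sweepers,
            "compromised": sorted(compromised)}

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

Any device that appears under `compromised` is still using a factory password and should be treated as accessed by a third party.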
In order to secure your smart home and smart devices, Which? recommends that consumers change default passwords, enable all of a device's security features including two-factor authentication if available, run security updates for their devices, remain vigilant against phishing attacks and return any device they believe is insecure.
Via Which?