Smart home devices can be hacked easily in less than 30 minutes, according to a new report published on March 15, 2018.
A team of researchers at Ben-Gurion University revealed that several home devices are insecure and can be compromised easily within less than 30 minutes.
“It is truly frightening how easily a criminal, voyeur or pedophile can take over these devices,” says Yossi Oren, a researchers of the report.
The study included 16 off-the-shelf smart home devices including baby monitors, home security cameras, doorbells, and thermostats. It was found that a hackers can compromise these devices, however, the easiest way possible was by simply tracking down the default factory-set passwords.
“It only took 30 minutes to find passwords for most of the devices and some of them were found only through a Google search of the brand. Once hackers can access an IoT device, like a camera, they can create an entire network of these camera models controlled remotely.” says Omer Shwartz, another researcher.
Several studies have noted that a large number of people don not find it important to change their default passwords. One security research company found that 15 percent of devices it came across in the field still used default values, while 46 percent of industry professionals over 1,000 across the U.S. and U.K. were found to be using the default password on their wireless routers.
“Using these devices in our lab, we were able to play loud music through a baby monitor, turn off a thermostat and turn on a camera remotely, much to the concern of our researchers who themselves use these products,” says Oren.
These devices need to be backed up with better security, before being commercialized and users can do several things on an individual level to better protect their home devices. One could avoid using second-hand devices that could already be planted with malware, and buy devices from reputable manufacturers only. It is also recommended that users prevent connecting their devices to the internet unless completely necessary. It is also important that one use strong passwords and not share the same across different devices.