Are IoT devices making your home vulnerable?

Next story
Olivia Storey

Internet of Things is slowly, but surely, taking over the home. From Alexa to Smart fridges, and now even Smart home security - but can it guarantee security of your private network?

The new ‘mega trend’ for the home is Internet of Things and the interconnectivity of devices, with an estimated 20.8 billion connected IoT devices by 2020.

The market for IoT devices is increasing, with almost everything becoming ‘Smart’ and accessible via a Smart Phone. The devices that can be controlled via the user’s Smart phone, like the iSmartAlarm, which is a do-it-yourself Smart home security system, allow for wireless access anywhere you may be.

This may sound convenient for day-to-day life; however, the iSmartAlarm has been found to have multiple security flaws and is considered a poorly engineered device, from a security perspective.

The multiple vulnerabilities that the iSmartAlarm is believed to have could lead to full device compromise, where hackers can infiltrate through the weak link in the system, the iSmartAlarm, and through this they could fully compromise the network.

Not only would your network be at risk, but your home or business, as a hacker could disarm the alarm wirelessly, gaining free access to the building.

Mark James, ESET IT Security Specialist, discusses the growth of IoT devices in people’s lives and why these devices can be potentially very dangerous for your personal networks and information.

“We purchase all of these amazing devices with lots of cool features but we often don’t stop and think should we?

“Yes, its cool my lights can be turned on and off by speaking the command or my kettle can turn itself on when I pull into the drive, but does it really need to?

“Have I considered the implications of possibly allowing an intruder from anywhere in the world access to my home network just because the security used inside my IoT device is lacking or even non-existent.

“The problem of course is how can you tell? As an average user, you have no control, you could not possibly know if the communication protocols are using an authentic SSL certificate. So what can you do?

“All you can do is trust the manufacturer to regularly update or patch their software when, and if, someone else finds a vulnerability.

“The problems may be around trying to utilise security practices already in place or trying to add security rather than design it during the build process either way it’s you the end user that suffers.

“Choosing an established vendor with a history of maintaining their products is your only defence.

“Saving a few pounds may seem like a great idea until you start connecting devices to the internet or network, and also consider if it really needs to be open to the public just because it can does not mean that it should.

“Vendors cannot protect against every attack vector but they should take reasonable precautions when being the device bridging the gap from your private data to anyone’s public access.”

 

How many IoT devices do you own? Let us know on Twitter @ESETUK.

 

Join the ESET UK LinkedIn Group and stay up to date with the blog. If you are interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.