
Monday, 6 April 2015

Your Smart Home Will Be Hacked. Here's How to Stop It.

By Dan Tynan
Some day we will all live in smart homes. Automated gadgets running on the Internet of Things will manage our lighting and heat, keep our appliances humming, and free us up to do more important things, like play Candy Crush Saga 24/7.
Before they do all that, though, the Internet of Things (IoT) has a lot of growing up to do. So far, tech startups have done a great job of churning out inexpensive gizmos that turn on the lights when you enter the room or start the coffee when you wake up, but they’ve done a mostly terrible job of making sure random strangers can’t also flip on your Philips Hue or control your Keurig.
Last July, HP released a scathing report on the poor security of IoT devices, noting that more than 7 out of 10 have some kind of vulnerability. Over the past three years, devices like the Nest Smart Thermostat, Kwikset Smartkey lock, Foscam Baby Monitor, and thousands of home security cameras have been compromised in the lab or in the wild.
A report scheduled to be released tomorrow by enterprise security firm Veracode details some of the ways IoT devices can be hacked, controlled remotely, and even used to spy on you. Given the right circumstances, an external attacker could know when you’re not home, open and close your garage door, turn your lights on or off, and even eavesdrop on your conversations.

Safe… for now

That’s the theory. In practice, at least for now, smarthome hacking isn’t that big a concern. IoT devices aren’t widespread enough, yet, to be a tempting target for hackers. Not when they’ve got all these juicy insecure corporate databases to pilfer from. Unless you’re the CEO of some major multinational corporation or a key government official, it’s unlikely some random hacker is going to target you.
And while a black market might one day develop where hackers half a world away sell the details of your comings and goings to some cyber burglar in your hometown, you’re still far more likely to be the victim of an email phishing attack that steals your bank log-ins, or to get a malware infection from opening a poisoned file attachment.
But in a few years this could change. Our homes could become so “smart” that one not-so-smart gizmo could wreak all kinds of havoc in our personal lives. What can you do about it, besides avoiding any product with the word “smart” in its name? You can start by locking down your home network.

Router rooter

Despite the gaping holes in IoT security, the device on your network that’s most likely to be attacked is your WiFi router itself, says Veracode research architect Brandon Creighton. Unlike a lot of IoT gadgets, your router is remotely accessible by design – otherwise you’d never be able to download Web pages, stream video, or receive email. If attackers are going to get to your IoT devices, they will likely go through the router first.  
There are a handful of basic things you can do to make your router safer. The first is to change your logins. Most routers come with a default username and password for accessing the settings (often “admin” and “password”). You’ll want to change these as soon as you can, if you haven’t already; otherwise, malicious strangers within range of your network could come in and access your router settings, then change the password so you can no longer log in.
Note that your router’s administrative password is not the same thing as your WiFi password. The router password is what you need to get into the guts of the router itself. The WiFi password just lets you onto the local network the router runs. You should make sure both are unique. 
The second is to make sure you’re using WPA2 security. (New routers tend to come with this turned on by default.) This will encrypt the data going in or out of your router, keeping anyone within range of your network from logging on, surfing for free, or using a “packet sniffer” to capture all your information.
Your router may come with a mobile app like Netgear Genie or Linksys Connect that lets you change these settings pretty easily; otherwise you’ll need to log into your router’s admin page by typing a numerical IP address into the URL window of your browser (usually 192.168.x.x, with the x’s being either a 0 or a 1.) Then look for tabs marked “wireless” and/or “security.”
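One way to check the WPA2 advice above from a Linux laptop on the network, as an added example that is not part of the original article: it parses the terse output of `nmcli -t -f SSID,SECURITY device wifi list` and reports any network that is open, uses WEP, or still allows WPA1. The scan text, the network names and the verdict labels are constructed for this example.

```python
# Constructed sample of `nmcli -t -f SSID,SECURITY device wifi list` output.
# Terse mode separates fields with ':' and backslash-escapes ':' inside values.
SAMPLE_SCAN = r"""HomeNet:WPA2
HomeNet-IoT:WPA1 WPA2
Cafe\:Free:
OldPrinter:WEP
"""

def split_terse(line):
    """Split a terse nmcli line on unescaped ':' and undo the escaping."""
    fields, cur, chars = [], "", iter(line)
    for ch in chars:
        if ch == "\\":
            cur += next(chars, "")  # escaped character is taken literally
        elif ch == ":":
            fields.append(cur)
            cur = ""
        else:
            cur += ch
    return fields + [cur]

def classify(security):
    """Map the SECURITY column to a verdict (labels are this example's own)."""
    tokens = set(security.split())
    if not tokens or tokens == {"--"}:
        return "open"
    if "WEP" in tokens:
        return "wep"
    if "WPA1" in tokens:
        return "wpa1-allowed"  # mixed mode still accepts pre-WPA2 clients
    if any(t.startswith("WPA") for t in tokens):
        return "wpa2-or-newer"
    return "unknown"

def audit(scan_text):
    """Return (ssid, verdict) for every network that is not WPA2 or newer."""
    findings = []
    for line in filter(str.strip, scan_text.splitlines()):
        parts = split_terse(line)
        security = parts[1] if len(parts) > 1 else ""
        verdict = classify(security)
        if verdict != "wpa2-or-newer":
            findings.append((parts[0], verdict))
    return findings

if __name__ == "__main__":
    for ssid, verdict in audit(SAMPLE_SCAN):
        print(f"{ssid}: {verdict}")
```

To audit a real network, pass the captured output of the `nmcli` command to `audit()` in place of the sample and look for your own network names in the findings.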

One dumb cookie

Last December, Checkpoint software revealed that more than 12 million home WiFi routers were vulnerable to a “Misfortune Cookie” attack. By sending the router a malicious cookie file, attackers could remotely take control of your home network and every device on it.  
Checkpoint compiled a list of more than 200 models affected by the Misfortune Cookie. If yours is one of them, visit the manufacturer’s Web site or contact them to see if they’ve issued a patch. Even if your router isn’t on that list, it’s a good idea to make sure it’s running the most current firmware. All major router vendors offer support pages telling you how to identify what firmware you’re running and upgrade it.
Once you’ve secured your router, create a new WiFi network that’s just for your IoT devices, and put your laptop and desktop computers on one with a different name and password, suggests Creighton. If your IoT network still ends up being compromised, the data on your computers and inside your browser won’t be at risk.
Very soon you may be able to buy added security for your smart home. This month, antivirus vendor Bitdefender is officially launching Bitdefender BOX, a $200 device that plugs into your WiFi router and provides anti-malware protection for every connected device in your home. (Look for a review of the BOX coming soon to Yahoo Tech.)
Eventually these kinds of protections will be baked into routers themselves, and IoT device makers will start thinking about security before they build their products, not after. Until then, however, our smart homes won’t be as truly smart as we’d like them to be.
