Will 2017 be the year your home becomes under attack from cyber criminals?
Experts expect the number of attacks on the Internet of Things (IoT) will likely increase in 2017. IoT includes devices like webcams, DVRs and connected thermostats that make life easier for homeowners, but are susceptible to cyber-intrusions.
These gadgets add conveniences like locking your door or shutting off the lights all from a smartphone app, but they come with certain risks, experts warn.
‘More insecure than secure’
“This is just the beginning of cybercriminals finding ways to creatively use the internet of things. Almost like a test attack,” Sophos’ Lyne said.
The type of attack is known as a distributed denial of services (DDoS).
“To translate it to the physical world, you know when you go to a shop you’ve got a revolving door,” Lyne continued. “It’s like getting a ton of your friends to go to this shop and all run around in circles in the revolving door, so no actual customers can get inside,” Lyne said.
While the attack is not believe to have cause any lasting damage, sometimes DDoS attacks are used to cover more damaging attacks.
“We’ve seen cybercriminals previously launch these big attacks against websites to draw everyone’s attention in, whilst in the background they conduct a more sinister attack of a financial nature,” said Lyne.
“I think all of us, from industry to individuals, to government are going to have to up our game in terms of making sure these devices are safe from the very real threat of cyber hackers.”
This was the first wide-scale attack that used these devices, but as more a more consumers add the devices to their home, attacks are expected to grow.
“We’re going to go from 12 billion devices we currently have, to over 30 billion devices by 2020, all interconnected. That’s going to add to the ease of our life but if all these devices are easily hacked into it could mean we could have a whole new host of security concerns,” said Sen. Mark Warner, a Virginia Democrat. Warner is a member of the Senate Select Committee on Intelligence and co-founder of the Senate Cybersecurity Caucus.
Smarthome devices are vulnerable because of poor programming. “Devices like these often come with a really bad and easy to guess username and password,” Lyne said.
Cybercriminals then take over IoT gadgets by searching the web for those with default passwords. Guessing the password allows the hackers to take over the device and harness its processing power for attacks.
Accordingly, a closed caption television camera or DVR “is enough of a reason to attack you so that you can be useful to attack other people. You are a target,” said Lyne.
Many of the devices used in the October attack were recalled by Chinese manufacturer, Xiogmai. But according to Lyne, many vulnerable devices are still for sale.
“Chances are right now if you’re buying an Internet of Things device, you’re more likely to be buying something insecure, than secure,” he said.
To help manufacturers, the Department of Homeland Security released strategic principles for IoT just last month, calling it “a matter of homeland security.”
However, the principles are not binding or regulatory and experts told CNBC more needs to be done. “To the vendors, you’ve got a very small window. The cybercriminals have noticed the abhorrent lack of security,” said Lyne.
“I think all of us, from industry to individuals, to government are going to have to up our game in terms of making sure these devices are safe from the very real threat of cyber hackers,” said Sen. Warner.
To protect yourself, Lyne recommends first deciding if you really need a smart home device in the first place. “You should ask yourself seriously, do you want this device in your home right now, while the industry takes action to fix these problems,” he said.
If you do use or buy IoT devices, you should change the default password and make sure to update the software.
“If you do have one of these devices, make sure you’re running the latest version of the software, because lots of manufacturers have issued fixes,” Lyne said.