Recent global research from Norton by Symantec (NASDAQ: SYMC) reveals one in five UK consumers have smart home devices, and an overwhelming majority of them (84 per cent) find they simplify their life. However, while they welcome the added convenience of Internet-connected thermostats, TVs, gaming consoles and baby monitors offer, consumers’ lax security habits and overconfidence in connected devices are leaving them vulnerable.
According to the Norton Cyber Security Insights Report, a survey of nearly 21,000 consumers globally including 1,000 in the UK, people are beginning to recognise that with each connected device purchase, a new avenue opens for hackers to launch attacks in their home.
- Two in Three (70 per cent) believe that as connected home devices become more popular, hackers will start targeting them more often.
- More than half (53 per cent) believe it’s more likely someone could gain unauthorised access to their connected home device than to their physical home.
- A whopping 78 per cent believe connected home devices provide hackers new ways to steal their personal information
Yet despite acknowledging the security risks that come with the smart home, device vulnerabilities and poor consumer security habits are increasingly acting as an easy on-ramp for hackers to access them.
- One in four connected home device users in The UK don’t have any protective measures in place for their devices.
- Nearly one in eight admit their Wi-Fi network is not password protected
- One in seven do not change the default password when setting up their Wi-Fi network
- More than half (53 per cent) admit they don’t know how to set-up a secure home Wi-Fi network or router or keep its software up-to-date (74 per cent)
- Two in five (39 per cent) of consumers surveyed don’t believe there are enough connected device users for them to be a worthwhile target for hackers.
- More than half (55 per cent) consumers said they believe connected home devices were designed with online security in mind. However, Symantec researchers identified security vulnerabilities in 50 different connected home devices ranging from smart thermostats to smart hubs that could make the devices easy targets for attacks.
“There have been an array of high-profile attacks in recent months demonstrating how cybercriminals are taking advantage of poor device security to hijack consumers’ home networks, spread malware and launch botnet attacks unbeknownst to their device owners,” said Nick Shaw, vice president, Consumer Business Unit, Symantec. “While smart devices may offer some notable benefits and convenience, there are also risks associated. Just as hackers learned to benefit from targeting social media and financial accounts, they are on their way to learning how access to connected home devices can be lucrative.”
Tips on how to keep home networks and connected devices safe:
- Review/research the reputation, capabilities and security features of a smart device before purchase.
- Set-up and/or change the default login and password information on your router and all the devices connected to your home network. Most importantly, always use strong and unique passwords for your router, smart devices and your Wi-Fi network(s).
- Use a strong encryption method when setting up Wi-Fi network access (WPA).
- Consider disabling features and services you do not use or are not required.
- Modify the default privacy and security settings of your smart devices according to your needs.
- Consider turning off or disabling your smart devices and home network when not in use.
- Review the settings of voice-activated features and commands for potential privacy risks and change them according to your needs.
- Disable Universal Plug and Play (UPnP) on routers unless absolutely necessary.
- Consider using wired connections instead of a Wi-Fi connection where possible.
- Regularly check manufacturers’ websites for software updates and patches.
- Exercise caution when sharing sensitive information, such as your Wi-Fi password, with others. Consider setting up a specific network for guest use.
- Don’t use your real name when “naming” your device and Wi-Fi network.
- Consider the hidden costs of “free” services and products.
- Use security software if it is available.
Recent incidents involving home-connected devices include the massive Mirai botnet cyberattack in October 2016 from common smart household items, which took major websites down across the globe. There was also an attack that allowed anyone on the internet to watch live footage of thousands of home webcams and baby monitors, as well as cases where people modified the thermostat of their ex-spouse or disabled security locks. There have also been reports of people taking control of home automation systems belonging to others. The US Federal Trade Commission settled a case against a firm that makes Internet-enabled security cameras and baby monitors. The FTC said that the cameras had been marketed as secure when, in fact, “the cameras had faulty software that left them open to online viewing, and in some instances listening, by anyone with the cameras’ Internet address,” the FTC said. “As a result of this failure, hundreds of consumers’ private camera feeds were made public on the Internet”.