Internet security vulnerabilities in products and the Internet of Things.Home Internet Security

On May 14th, 2018, BBC’s Panorama highlighted home Internet security vulnerabilities in people’s homes. It showed white hat hackers accessing home systems using a laptop in a van parked nearby and gaining access to the smart devices in the house. These included a smart television, lighting, curtains, central heating, and a printer, and they could order an iPad using the TV to access Alexa.

Another family had installed security cameras throughout the house but was unaware that these were viewable by strangers over the internet. In one case, a camera had been viewed for 9 hours by someone in France. The BBC found cameras online that monitored babies sleeping and were viewable by anyone. Watching other people’s CCTV is not even illegal, and people are unwittingly compromising their security while trying to enhance it.

To watch the program on iPlayer, follow this link to Panorama, Hacked: Smart Home Secrets: via @bbciplayer

Reasons for insecure products

Companies design consumer products to be as cheap as possible. Commercial pressures to get them to market means cutting corners. Security is less tangible than features, so it is an area likely to be inadequate. Companies want to reduce their costs, so they don’t want to handle user support issues as that costs them money. The result is setting default settings to plug and play. Plug and play will work out of the box but is unlikely to be secure.

Most of these products need regular firmware updates released by manufacturers to fix security problems and improve functionality. Some manufacturers don’t bother as it is another cost. If they discover a serious flaw, they say the product is “end of life” to avoid fixing the problem.

Most low-cost home products are made in the Far East and rebadged by other companies, so getting support for these is difficult or impossible.

What you should do

When buying products for the Internet of Things, carefully research what you are buying and check if good quality documentation is available in your language. Check if support is available if you have problems and if the company releases firmware updates for its products. The cheapest is unlikely to have any of these things, so avoid buying anything that will cause you a problem. Change any default passwords and ensure your devices are not making outbound connections by checking your router’s firewall logs.

Atomik.biz offers security audits, advice, and installation services for homes in the Leighton Buzzard area and can carry out any work necessary to make your systems secure.