Making every home device 'smart' might be helping criminals


Cybersecurity used to be a very niche subject only of interest to network administrators. Today computers and internet-connected devices are ubiquitous in all of our homes. So, it is a good idea for everyone to brush up on their cybersecurity skills. Good cybersecurity doesn’t require you to have a computing degree; nor does it require you to learn any advanced skills. This can also mean just staying anonymous online.

Practicing good cybersecurity is all about common sense. For example, there are few people who do not understand the importance of password protecting their devices. People are also generally much more aware of the dangers of malware and phishing attacks.

However, knowledge of cybersecurity is improving at a much slower rate than the number of new internet-connected devices in our homes. There is mounting evidence to suggest that we are collectively rushing into this, leaving many of our homes vulnerable to cyberattacks.

Automated scripts seek and infect vulnerable devices all over the internet. The recent growth of bot networks indicates a problem far more serious than many people seem to realize.

What Is a Botnet?

A botnet is a network of devices, each of which had been compromised by an attacker. After gaining the ability to execute code on infected devices, hackers can use them to do whatever they wish. This often means that botnets with thousands of devices can be directed to launch a distributed denial-of-service attack on an unsuspecting victim.

Some botnets are run by cybercriminals, but others have the backing of nation-state actors. It is this second category of botnet that is so concerning, especially with our increasing use of internet-connected devices and smartphones. Any device that connects to the Internet can potentially be a target for hackers. However, when it comes to smart home devices, the lack of security measures across the board is truly alarming.

While many people associate botnets with spam emails, they are increasingly being used for much more nefarious purposes. Perhaps the most striking recent example of this is the Mirai botnet.  It was used to launch an attack that took down a large portion of the internet. Among the affected websites were some big names such as Twitter, CNN, and Netflix. These websites and services are integral to many people’s internet usage, which tells us how much of a threat a botnet can pose.

How Are Botnets Created?

There are many ways to put together a botnet, but they all involve the same basic principles. In the past, botnets mostly comprised computer systems, whether personal or professional workstations. Today, the landscape is very different. There are now innumerable internet-connected devices alongside traditional computers.

Over the last decade or so, security researchers have raised the alarm a number of times about private businesses and their lack of regard to cybersecurity. Some examples include medical devices like pacemakers, as well as cars with on-board computers, that shipped completely unsecured. Given the potential stakes, it is scandalous that there has been no kind of security at all.

Unfortunately, we are now beginning to realize that a similar situation is playing out with smart home technology. Using a variant of the mirror botnet, attackers have been able to automatically scan the internet for vulnerable devices. These devices are automatically hijacked and added to the botnet.

How Vulnerable Are Smarthomes?

By the end of 2017, it was estimated that there were almost 8.5 billion internet-connected smart devices on the internet. These don’t just include the obvious things, such as your Amazon Echo or Google nest.

For example, a DDoS attack was launched last year against a brick and mortar jewelry store. While this was a small attack in the grand scheme of things, the attackers were able to use more than 25,000 CCTV cameras across the globe and direct them to make 35,000 HTTP requests every second.

It is because of the absence of any security on many of these devices that attackers have hijacked them from afar. If there is not even a simple password protection system on a device, attackers simply need to identify the IP address and connect to it. With the availability of scripts that do all the work for them, they can sit back and amass a large botnet with ease.

Is a Smart Home a Good Idea?

With this in mind, it is hard to recommend to anyone that they invest in a smart home at the present. Often even the most tech-savvy users will be powerless to improve the security of their internet-connected smart home devices. While there are exceptions, it seems that smart devices are often not nearly as smart as we would like.

Before you rush to convert your home into a smart home, make sure that you fully understand the potential security implications. For most people, it seems prudent to wait and see how the situation develops.