Smart Devices ‘Easy To Hack’ Through Web Search For Passwords

It’s no secret that the Internet of Things isn’t nearly as secure as it should be, especially as more smart products hit the market and the world becomes more connected. But new research reveals just how easy it is to gain access to some devices.

By haris amrullah / Shutterstock.com

Cyber researchers at Israel’s Ben-Gurion University of the Negev found that some devices — including baby monitors, home security cameras, doorbells, and thermostats — were “easily co-opted.” The full release was posted on EurekAlert.

Perhaps the most concerning piece of information in the research involves the ease in which anyone can get passwords which allow access to certain smart devices.

“It only took 30 minutes to find passwords for most of the devices and some of them were found only through a Google search of the brand,” Ph.D. student and research lab member Omer Shwartz said. “Once hackers can access an IoT device, like a camera, they can create an entire network of these camera models controlled remotely.”

Common Passwords

The researchers found that “similar products under different brands share the same common default passwords.” Many consumers and businesses don’t change these initial passwords when a device is purchased, which makes access much easier for hackers. These devices also commonly hold Wi-Fi passwords, which could grant hackers access to an entire Wi-Fi network.

“It is truly frightening how easily a criminal, voyeur or pedophile can take over these devices,” said Dr. Yossi Oren, senior lecturer and head of the Implementation Security and Side-Channel Attacks Lab at [email protected] “Using these devices in our lab, we were able to play loud music through a baby monitor, turn off a thermostat and turn on a camera remotely, much to the concern of our researchers who themselves use these products.”

[Check our our simple tips to quickly improve your cybersecurity.]

Dr. Oren said manufacturers should stop using easy, hard-coded passwords. But you can take matters into your own hands. The researchers offered tips, including to only buy IoT devices new, from reputable brands and vendors. It’s also important to use strong passwords “with a minimum of 16 letters,” and to use different passwords for each device — some of these are tips you may have heard from us before.

Phil Dzikiy

Phil Dzikiy

Phil Dzikiy is the former editor in chief of Security Baron. Before, he has worked as a freelance writer and editor at websites like Wirecutter.com and iLounge.com along with publications like the Lockport Union Sun & Journal and the Greater Niagara Newspapers. With digital and print experience under his belt, Phil has a passion for all things technology including home security, cyber security, and the smart home. His bachelor's degree in Journalism from the University of Maryland College Park initially landed Phil his first job at the Beaver County Times, which has lead to over 15 years of experience as a journalist.

Leave a Comment

Trending News

Follow Us

Reviews