It’s no secret that the Internet of Things isn’t nearly as secure as it should be, especially as more smart products hit the market and the world becomes more connected. But new research reveals just how easy it is to gain access to some devices.
Cyber researchers at Israel’s Ben-Gurion University of the Negev found that some devices — including baby monitors, home security cameras, doorbells, and thermostats — were “easily co-opted.” The full release was posted on EurekAlert.
Perhaps the most concerning finding in the research is the ease with which anyone can obtain passwords that allow access to certain smart devices.
“It only took 30 minutes to find passwords for most of the devices and some of them were found only through a Google search of the brand,” Ph.D. student and research lab member Omer Shwartz said. “Once hackers can access an IoT device, like a camera, they can create an entire network of these camera models controlled remotely.”
The researchers found that “similar products under different brands share the same common default passwords.” Many consumers and businesses don’t change these initial passwords when a device is purchased, which makes access much easier for hackers. These devices also commonly hold Wi-Fi passwords, which could grant hackers access to an entire Wi-Fi network.
“It is truly frightening how easily a criminal, voyeur or pedophile can take over these devices,” said Dr. Yossi Oren, senior lecturer and head of the Implementation Security and Side-Channel Attacks Lab at [email protected] “Using these devices in our lab, we were able to play loud music through a baby monitor, turn off a thermostat and turn on a camera remotely, much to the concern of our researchers who themselves use these products.”
Dr. Oren said manufacturers should stop using easy, hard-coded passwords. But you can take matters into your own hands. The researchers offered tips, including buying IoT devices only new, from reputable brands and vendors. It’s also important to use strong passwords “with a minimum of 16 letters,” and to use different passwords for each device — some of these are tips you may have heard from us before.