IoT in your home: what are the risks?
September 2018, Cyber Security
Smart homes are getting even smarter, with Internet of Things (IoT) devices rapidly coming to market to make homes more efficient and daily life more convenient. But any Internet connection comes with risk attached, and IoT in homes could increase your vulnerability, warns Fortinet.
IoT takes smart home technology a step further into the future, adding smart sensors and independent Internet connections to appliances and devices to take the task of controlling them out of the hands of their owners. For example, where smart fridges or air conditioners might need to be controlled using a mobile app, an IoT-enabled appliance might control itself without needing the homeowner’s input.
IoT-enabled appliances measure temperature or available light, for example, to automatically trigger an action in an appliance. By using IoT sensors and connected SIMs, manufacturers are now producing heaters and air conditioners that switch on and off to maintain a constant room temperature, lights that switch themselves on when a room is dark, planters that automatically water plants when needed, or door locks that recognise the home owner and unlock without them needing keys.
“IoT-enabled appliances will certainly start arriving in the homes of ordinary South Africans soon,” says Doros Hadjizenonos, regional sales director at Fortinet. “People are already moving to smart homes and embracing devices such as smart TVs and media servers. While these devices make life simpler and easier, the challenge is that not all manufacturers make security their top priority when building smart devices.”
Fortinet’s latest Global Threat Landscape Report found that cyber criminals are already targeting IoT devices and media servers in homes for ‘cryptojacking’, in which they use a device’s computing power to mine cryptocurrency. The report said: “They are an especially attractive target because of their rich source of computational horsepower, which can be used for malicious purposes. Attackers are taking advantage of them by loading malware that is continually mining because these devices are always on and connected. In addition, the interfaces for these devices are being exploited as modified Web browsers, which expands the vulnerabilities and exploit vectors on them.”
“Cryptojacking in itself may not be a direct threat to the owner of the IoT device, although it could make it run slower,” says Hadjizenonos. “But once the code in the home is being controlled by someone else, they could also turn their attention to monitoring personal information on the home network.”
Globally, smart devices such as baby monitors and even smart vacuum cleaners have been hacked in the past, and Hadjizenonos says there is little prevent criminals from stealing passwords, monitoring the movements of homeowners, or tracking their children in future.
“Consumers typically connect their smart appliances via one router, so this is where smart home security efforts should be focused,” he says. “Before investing in smart and IoT-enabled devices, it’s recommended that homeowners ensure that their networks are secure, take advantage of security services from their ISPs, and lock down their routers. Once they invest in smart appliances, they should remember to check regularly for patches and updates to keep these appliances and devices secure.”