Hackers are targeting your smart tech

June 17, 2024

Approximately 75% of UK households have at least one smart device connected to their home Wi-Fi, but could these devices pose a hidden vulnerability and increase your risk of falling victim to cybercrime?

While the convenience of a smart fridge that notifies you when you’re low on milk seems harmless, the experts at Independent Advisor VPN have investigated whether smart home technology users are at greater risk of cyber attacks and malware due to the many unprotected internet-connected devices in their homes.

James Milin-Ashmore, VPN Expert at Independent Advisor VPN explains:

“Every device that connects to your Wi-Fi is like a new point of entry into your home. The more devices you have, the easier it is for hackers and cybercriminals to take advantage of these entry points and gain access to your home network. Especially if these devices aren’t protected in some way. Think of it like having multiple doors or windows into your home and then leaving them all unlocked, making it much easier for any potential intruders to break in.

“Many Internet of Things (IoT) devices, such as smart toasters, fridges, lighting, plugs, and even toothbrushes, prioritise convenience and ease of use meaning they often connect directly to your network without any additional security measures such as two-factor authentication. Having one or two devices that aren’t protected is still a risk but in most cases will probably be okay. However, the more devices you have in your home, the greater that risk becomes.”

Malicious attacks on vulnerable smart home systems can not only cause damage to the device or disrupt its functionality but are often just a foot in the door for cybercriminals.

Smart home devices frequently gather and transmit personal data. If cybercriminals breach these devices, attackers can access and misuse sensitive personal information, such as user habits, schedules, and even voice or video recordings which can be sold to third parties.

This data is often used to try to sell you products you might be interested in but in more extreme cases it may include financial information, such as your credit card details, which criminals can sell on the dark web.

Compromised IoT devices can also be hijacked by attackers to create botnets, which are networks of infected devices under the control of cybercriminals. These botnets can launch Distributed Denial of Service (DDoS) attacks against businesses, which flood a website till it crashes causing disruption to customers and costing the business money, time, clients and even their reputation.

DDoS attacks have been used by groups such as the hacktivist collective Anonymous to target the websites of companies or even local governments they disagree with.

While most consumers don’t need to worry about a DDoS attack (other than their devices potentially being recruited by these hackers to join a botnet), James Milin-Ashmore, has taken a detailed look at some common exploitation methods cybercriminals use and shared his recommended protections:

Exploitation Methods

Phishing Attacks

Cybercriminals use phishing techniques to gain access to smart home networks by tricking users into revealing their login credentials or installing malicious software. Once inside the network, attackers can control devices, steal personal information, or launch further attacks around other devices in the home.

James suggests: “To mitigate this risk, users should be vigilant about suspicious emails and messages, use strong and unique passwords for each of their smart devices, and enable multi-factor authentication wherever possible. Regularly updating device firmware throughout the home and using comprehensive security solutions can also help to protect against these threats.”

Unsecured Networks

If smart devices are connected to a home network without proper security (e.g., no WPA3 encryption), hackers can intercept and manipulate your traffic. A hacker could use a technique like man-in-the-middle attacks to intercept and alter communication between a smart lock and its app, potentially unlocking the door without authorisation.

James suggests: “To reduce these risks, consider segmenting your home network so that all of your smart devices are connected through a separate network rather than the one you use every day or that your phone and laptop connect to. Alternatively, ensure that you are using strong encryption protocols (like WPA3) for your Wi-Fi network and consider using additional protection such as a VPN for devices that contain more sensitive information.”

Bluetooth Based Malware

Bluetooth-based malware is an ongoing threat to smart home devices. This type of malware utilises vulnerabilities in Bluetooth protocols to infiltrate and compromise devices within a smart home. Once these devices are infected, hackers can manipulate smart home systems, eavesdrop on communications, or gain access to the broader smart home network.

James suggests: “To protect against Bluetooth-based malware, users should ensure their smart home devices are updated with the latest security updates while disabling Bluetooth devices that aren’t in use.”

Installing Malicious Apps and Firmware

Hackers can distribute malicious apps or firmware updates that, once installed, compromise the device. For example, installing a seemingly legitimate app for controlling smart lights from an unofficial source could introduce malware that spies on network activity or takes control of other connected devices.

James suggests: “By using network security tools, such as firewalls and intrusion detection systems, any anomalies can be identified. Strong encryption protocols ensure data security across the smart home, while regular firmware updates and security audits protect sensitive information and reduce cybersecurity risks to devices.”

James Milin-Ashmore, VPN Expert at Independent Advisor VPN adds:

“Many smart home device users are not fully aware of the security risks associated with these IoT devices and often aren’t knowledgeable about how to properly secure them. This lack of awareness can result in weak security practices, such as leaving default passwords unchanged or neglecting to update firmware regularly.

“This gap in knowledge and practices significantly increases the vulnerability of smart home ecosystems to cyber attacks and breaches. However, homeowners can significantly reduce these risks and safely enjoy the benefits of smart home conveniences by implementing proper security measures and staying informed about potential threats.”

Consumer Protection Measures

1: Think Network Wide

Consumers often prioritise securing individual smart home devices over applying security measures across their network such as using a router VPN. A router VPN provides centralised security for the entire network meaning that all devices that connect through that router are protected, rather than having to install a VPN or similar measures on an individual device.

2: Ensure Smart Device Firmware is up to date

Regularly update the firmware of all devices in your smart home to ensure they are equipped with the latest security updates.

3: Us Best Password Practice

Establishing robust, distinct passwords for each device will prevent hackers from guessing easily accessible passwords. In addition, wherever possible, activate 2FA to provide an additional layer of security, requiring a secondary verification method to access your smart devices.

4: Safeguard your Wi-Fi Network

Employ a robust and unique password for your Wi-Fi network and also, consider concealing the network name (SSID) to increase the difficulty of unauthorised users attempting to connect.

5:Regularly Monitor Device Activity in the Home

Keep a look out for any unusual activity on smart home devices, such as unexpected adjustments in settings or unidentified devices attempting to access your network.

See our latest issue here.