Tag

Smart Home

Browsing

It’s the age of Alexa, Nest, Ring, Echo and countless other smart devices. With more devices than I can list hitting the market it’s important that every parent take precautions to secure your smart home devices from hackers.

Smart devices have been in the news and it hasn’t all been great PR. In December 2019 hackers managed to speak with 8-year-old girl through her family’s Ring camera. Other families have reported bad actors hacking baby monitors.

Hackers are a creative bunch, but their access methods are not always complex. In many occasions the hacker actually logs into the device using the correct username and password.

In this article we discuss various ways that hackers obtain your account details and how to protect your family.

Gaining Access

The movies might have us believe that hacking involves working late into the night, downing Red Bull, and wearing a hoodie. Techno music optional.

The fact is that many hackers look for the simplest path to achieve their goal. “Work smart, not hard” is the hacker mantra. So how do they access your devices using the path of least resistance?

They Ask

Yup. The old saying “ask and you shall receive” is well and good in Hackertown.

It’s the easiest method by far for a hacker to gain access to your smart home devices. This could come in the form of a phishing email. Anyone who takes the bait will soon find their account compromised. While some of you may scoff that someone would fall prey to phishing attempts, these aren’t your granddad’s phishing emails. These have become very convincing and sophisticated.

Hackers prey on our sense of urgency. The email will usually say that your account has been compromised and you must log in ASAP. The email looks legit with proper colors, logos, and it even sounds official. So you click a link. On the landing page you notice it looks just like the [insert smart home device] page should.

So you change your password on the fake site. Heck, the hackers might even send a confirmation email so you can log into their fake site. By this point they have already accessed the real site and are causing havoc that you will only discover later.

The Defense

Phishing emails have been around for a long time and we will continue to see them. This is because they are very effective. Your best defense is to never, ever, not ever, don’t even think about it, and NEVER, click a link in an email warning you about a breach or compromised account.

If you do receive such an email then open a new browser window and directly enter the site’s URL. Yea, it’s an extra step and links are so easy to click. However, it’s because links are so easy to click that hackers keep on phishing.

They Crack It

Accounts with simple passwords crack easier than an egg at the diner. Hackers know this and use it to their advantage. Programs exist and can be easily purchased on the dark web that enable a hacker to try thousands of passwords in the blink of an eye. A weak password will fall with this type of brute force assault.

So, wise one, you’ve decided to pick a crazy word from the dictionary. Who would ever guess snickersnee (a long knife, FYI) is your password? The hacker using a dictionary attack would get it.

The Defense

Modern password standards from NIST suggest that you create passwords that are 20+ characters. You can string together several words and separate with special characters. So now you might use

snickersnee!abibliophobia$malarkey#dog

I’m guessing the last word was a bit of let down, but I only know so many odd words. Also, don’t use this password now that it’s on the web.

A final tip is to change your password if someone else learns it. Seems pretty basic, but how many friends have you shared a Netflix account with where the password is the same as another account?

Previous Hacks

By now most adults and tech-savvy kids know that big companies get hacked. They likely get hacked more than is reported in the news. And it makes sense why. A large company, such as Target, is a gold mine for hackers. Personally identifiable information (PII) sitting in databases ripe for the taking!

Unfortunately, if the username/password combo to login to your Target account is the same as your Ring account you have an issue. When Target was hacked and data on 110 million shoppers was stolen, you best believe that hackers were trying the same username/password combos on multiple other accounts. To increase their return on hack they likely sold the data to other bad actors on the dark web.

Guess how the hackers accessed Target’s computer system? Yup, a phishing email targeting an employee at an outside vendor. Beware the phish.

The Defense

To secure your smart home devices don’t reuse passwords across accounts. Yes, your email address is likely the same or one of a very small set. However, the number of password options is truly unlimited. Use wonky words, consult an online password generator, or do whatever it takes to generate strong passwords unique to each account.

You’re probably thinking “Great! Another thing for me to remember. Thanks, Daryl!”.

I counter your frustration with the recommendation of a password manager such as Dashlane or LastPass. These solutions come in free and paid versions. They will help you log in to different accounts without you having to remember each individual password. Pretty helpful!

To make it even better these solutions provide a password audit. They will flag accounts that share the same password so you can update as necessary.

Additional Steps to Secure Your Smart Home Devices

We’ve gone over a few methods hackers use to access your devices and some prevention tips. I’ll round out this post with a few additional thoughts.

  1. Utilize Two Factor Authentication (2FA) when the option is available. When enabled, 2FA requires that a code be sent to your phone or you receive a code from a trusted app. To access a site you must enter the proper code. Yes, this makes checking your bank statement more difficult. However, it serves to protect you from hackers as the code is typically time sensitive and lasts for seconds up to a few minutes.
  2. Avoid clicking links as I mentioned in the phishing section above. It’s so important that it’s worth stating again. Don’t click links. Do manually enter the site in the address bar.
  3. Practice good password hygiene so that in the event one account is compromised your other accounts are still secure.
  4. Use a firewall to lock down and secure your smart home devices. This won’t compensate for reused passwords, but it will prevent hackers from exploiting open ports that provide easy access to your home network.

Hackers are smart people and they are getting smarter by the day. Low cost hacker tools can easily be purchased on the dark web making even an amateur a threat. The above steps will help to protect you and your family from unwanted digital invaders. Stay smart, keep passwords unique and challenging, and remember that it’s never too early to discuss strategies to stay safe online with your kids.