Smart homes ‘face 12,000 hack attacks every week’: Fake home set up with smart products to see how much they would be targeted revealed stunning extent of vulnerabilities, campaign groups says
- Major investigation uncovered widespread targeting devices by cyber-crooks
- Busiest week logged 12,807 attack attempts, including 2,435 bids to crack passwords
- ieGeek wireless camera was easily hacked, allowing a snoopers to access video feed to spy on testers
Smart homes could be exposed to more than 12,000 hacking attacks every single week, an investigation has revealed.
Households in the UK have on average more than ten different connected devices, from televisions to thermostats.
Working with security specialists NCC Group and Global Cyber Alliance, Which? consumer watchdog set up a fake home with smart products to see how much they would be targeted.
In the busiest week, it found 12,807 scans or attack attempts against the devices, including 2,435 bids to log on via a weak username and password.
Probe found 12,807 scans or attack attempts against the smart devices in a week
That equates to 14 attempts every hour by hackers to infiltrate the devices. Most of the time, the basic security protections in the devices were able to stop them – but that was not always the case.
The ieGeek wireless camera was easily hacked and compromised, allowing a cybercriminal to access the video feed and spy on the testers.
Which? said it was vital the Government pushes forward with plans for legislation to require connected devices to meet security standards.
Kate Bevan, the watchdog’s computing editor, said: ‘Consumers should be aware that some of these appliances are vulnerable to hackers and offer little or no security.’
Hackers target smart devices with ‘botnets’, which probe for new unsecure devices, such as routers, wireless cameras and connected printers coming online before forcing their way past weak default passwords.
Households in the UK have on average more than ten different connected devices, from televisions to thermostats
As soon as Which? connected the home to the internet they were being surveilled – with spikes of activity during the 9am-6pm period of the typical UK working day.
This suggests that criminals know this is when people will be using their devices, potentially for work during the pandemic, and so they have more chance of hitting a target.
The hacking traffic comes from around the world, but the vast majority appears to originate from the US, India, Russia, the Netherlands and China.
Testers looked for unique scanning attempts – a technique used to locate online devices that exists in a legal grey area and is a potential gateway used by hackers – and hacking attempts, which are a clear breach of the Computer Misuse Act.
Ms Bevan added: ‘There are a number of steps people can take to better protect their home, but hackers are growing increasingly sophisticated. Proposed new government laws to tackle devices with poor security can’t come soon enough – and must be backed by strong enforcement.’
Based on Which?’s experiment, nearly all (97%) attacks against smart devices are to add them into the sprawling Mirai botnet.