SCARY: Computer experts show how easy it is to hack off-the-shelf smart devices like baby monitors and home security cameras

Is anyone truly secure in their home? That may not be the case in a world where bridges are being connected by rapidly improving technology. And with off-the-shelf smart devices becoming increasingly common features in homes, it seems that it’s easier than ever to invade the sanctity of a personal space.

This was demonstrated by researchers from the American Associates Ben-Gurion University of the Negev (AABGU). Their main body of work focuses on identifying the vulnerabilities of networks and devices in the home. As part of that continuing effort, the team took apart and reverse engineered a slew of gadgets commonly seen in most homes. Through this, they were able to discover that a number of security issues plagued baby monitors, doorbells, thermostats, and home security cameras.

The biggest of these issues lay in the passwords. For one, common default passwords are shared by the same products even if they’re sold under different brand names. Very rarely do business owners and consumers come up with new device passwords after buying these products, so there’s a good chance they’ve been using an unsafe password for as long as they’ve been using a certain device. Moreover, retrieving the password stored in a device allowed the researchers to access entire wi-fi networks.

“It only took 30 minutes to find passwords for most of the devices and some of them were found only through a Google search of the brand. Once hackers can access an IoT device, like a camera, they can create an entire network of these camera models controlled remotely,” explained researcher and Ph.D. student Omer Shwartz. (Related: How to encrypt your hard drive, and why you should.)

“Using these devices in our lab, we were able to play loud music through a baby monitor, turn off a thermostat and turn on a camera remotely, much to the concern of our researchers who themselves use these products,” said AABGU lecturer Dr. Yossi Oren. “It is truly frightening how easily a criminal, voyeur or pedophile can take over these devices.”

Oren added that manufacturers should take extra steps in safeguarding their consumers. These steps can include disabling remote access, implementing complex passwords that are harder to crack, and making it more difficult for hackers to gather information from shared ports such as audio jacks.

That being said, consumers can protect themselves too. Oren and his laid out a few tips for people to keep in mind before and after buying Internet of things (IoT) devices:

  • Buy from trusted manufacturers and vendors: Do your own research before purchasing any IoT devices. Also, choose to buy new devices instead of used ones. Cheaper isn’t always better, especially in this case. As per, there have been more cases of highly vulnerable cheap devices than there have been pricey devices.
  • Keep an eye on your passwords: Some devices come with a default password, so make it a point to look them up so that you can change them before installation. Strong passwords with a minimum of 16 characters (with both letters and numbers) are the best kind of passwords. Furthermore, try to use different passwords for your various devices for that extra layer of security.
  • Avoid peer-to-peer-capable devices: IoT devices that boast peer-to-peer capabilities are hard to protect because they’ve been configured to connect to the Internet by any means possible. While it seems like a handy feature at first, it’s anything but since they become easier to access remotely.
  • Update as much as possible: Without regular patching, IoT devices become even more vulnerable. So try to update them often, and only get those updates from secure and reputable websites.

Protect yourself on the Internet by visiting for more guides on cybersecurity.

Sources include:

value="Enter your email address here..." style=" border-radius: 2px; font: 14px/100% Arial, Helvetica, sans-serif; padding: .2em 2em .2em;" onfocus="if(this.value == 'Enter your email address here...') { this.value = ''; }" onblur="if(this.value == '') { this.value = 'Enter your email address here...'; }" />

style="display: inline-block;

outline: none;

cursor: pointer;

text-align: center;

text-decoration: none;

font: 14px/100% Arial, Helvetica, sans-serif;

padding: .2em 1em .3em;

text-shadow: 0 1px 1px rgba(0,0,0,.3);

-webkit-border-radius: .2em;

-moz-border-radius: .2em;

border-radius: .2em;

-webkit-box-shadow: 0 1px 2px rgba(0,0,0,.2);

-moz-box-shadow: 0 1px 2px rgba(0,0,0,.2);

box-shadow: 0 1px 2px rgba(0,0,0,.2);"


comments powered by Disqus