As if by bad magic! How to avoid scares and keep control of your smart devices

Earlier this year, the frightening case of a baby boy in Scotland made headlines: A stranger hacked into a family's baby monitor and was scaring the child every night. Who wants to get goosebumps because they find out they're being secretly filmed, such as a family in an Airbnb apartment in Cork in Ireland? Scary stories of strangers taking control of networked devices and their associated data happen all the time, whether it’s smart speakers or video surveillance cameras.

According to IoT market analysts around 127 new devices are connected to the internet every second. It’s spine-chilling how security and privacy concerns often take a back seat to ease of use. Projects like that of Swiss photographer Kurt Caviezel show that data from networked devices are often (too) easily accessible. The artist collected around 100,000 links to publicly available cameras by online searches - including images of the subjects captured by them, including such of private web and PC cameras.

Security researchers make spooky discovery

IoT devices are often the target of brute force attacks. Using specialized search engines, cybercriminals select devices with available connection protocols and automatically force common usernames and passwords. More detailed research always brings up a baby monitor or camera whose providers have set an easy-to-hack password.

According to Kaspersky, in 2022, company’s honeypots recorded more than 990 million global attacks against smart devices.

The number of attacks is especially frightening when considering that smart devices are mostly connected to the same network - regardless of whether it is private or for business. This means that the vulnerability of one device can affect the entire network. As a result, cybercriminals can not only manipulate the functions of the corresponding devices, but also access other stored information, including phones and computers connected to that network. This could potentially affect business related communications at home office, too, and end up becoming a serious security risk for companies.

“From smartwatches to smart home accessories, IoT devices are an essential part of our everyday lives, so cybercriminals have naturally switched their attention to this area. Some people believe they aren't important enough to be hacked but information is a valuable resource. We saw that as soon as users’ interest in smart devices rose, attacks also intensified. Most attacks are preventable and this is why we advise users of smart devices to install a reliable security solution, which will help them stay safe,” comments David Emm, Principal Security Researcher, Global Research and Analysis Team at Kaspersky.

To prevent your own devices from being “obsessed” and controlled by unsolicited guests, Kaspersky gives users of smart devices in the home network the following recommendations: 

• If you don’t need a particular function, or don’t plan to use it, disable it to reduce your attack surface.
• Before using the device, change the default password and assign a new one. When doing so, use long, complex and unique passwords for all your devices.
• Disable remote management. Modern routers often have a feature that allows you to change settings over the internet. This can be very useful in certain circumstances, but it also poses a security risk.
• Install the latest firmware updates on devices regularly, as this will fix vulnerabilities discovered since the previous update with appropriate patches.
• Products such as Kaspersky Smart Home Security, installed on a router by a telecom operator, monitor all connection attempts, filter out the ones that could be harmful for the router or connected devices, prevent taking control on home IoT devices by hackers and inform users about potential vulnerabilities of connected smart home devices.

More information about securing smart home devices can be found on Kaspersky blog.