Hackers might use your smart home devices to break into your home and spy on your kids
Household devices that are controlled through the internet might allow burglars to break into your home and spy on your kids, according to an investigation carried out by Mirror Online.
The dozens of appliances, devices and children’s toys that can be connected to Wi-Fi servers can pose a real risk if they are not fully secure. Denis Makrushin, from security firm Kaspersky Lab, said: “Cyber attacks conducted by seemingly harmless connected devices are no longer just the stuff of movies, or even of the future. They are a very real and current threat.
“As more devices have connectivity built-in, users urgently need to realise they must employ the same level of security for mobile phones and computers.”
The Daily Mirror challenged Rob Shapland, a top hacker from First Base Technologies, a company used by banks, supermarkets and the government to find holes in their online security, to reveal the secrets.
Shapland first tried to access a Daily Mirror’s journalist’s British Gas Hive Active Heating account. Its purpose is to allow customers to heat their homes remotely and programme a turn the heating on or off schedule. The users can log in by providing their email address and a password. Rob Shapland showed how easy it was to hack into the device and obtain the journalist’s home address and holiday dates. The hackers need to start with the name of teh victims. After this, they trace their social media accounts.
Rob said: “Through the ‘forgot my password’ link and specific Google searches, we were able to work out your email address. By doing the same on another social media site we filled in the missing gaps.”
After he downloaded the app, Shapland only had to tap in the journalist’s email address and password. In an attempt to deter the hacker’s efforts, the journalist tried to reset her password. However, a quick search of her email address against previous data hacks revealed her password, the same one she previously used.
“It was a very quick and simple hack giving me access her full address and dates of a forthcoming holiday, programmed in to stop the heating coming on while she was away,” Shapland said.
“The previous data hacks are databases of illegally harvested information posted by hackers online in secret areas of the web. For example, Carphone Warehouse was the victim of an attack that compromised 2.5 million customers.
“Most people use the same passwords so I was able to access the heating app instantly.
He also warned: “It is important to use different combinations for all devices – even if you think it doesn’t hold any financial information. We’ve demonstrated here how easy it would be to rob your home.”
The price you would be willing to pay to protect your home is directly proportional to the safety level you will receive. This way, security cameras offer many advantages, but only if they are managed by reputable brands.
Steven Chen, chief executive of PFP Cybersecurity, commented: “Cheap webcams are mostly from untrusted sources, without any protection or very limited.
“Never mind high-definition resolution and motion detection capabilities. Firmware is one of the most important things to consider when you buy a camera, whether it’s for keeping tabs on your baby or watching for burglars. And updates are essential as they keep internet-connected devices secure against hackers’ ever-evolving attacks. Without them security holes get easier to find and harder to plug.”
Rob Shapland showed how hackers could be watching you and your family without your knowledge. Around 100,000 British devices are believed to be at risk of this method of spying.
He explained: “By using a piece of software intended for security analysts but known to be abused by hackers, I was able to see which webcams in the area are still on the default setting – meaning there is no password.
“Some cameras are pre-configured to be accessible via an app, which hackers can access by using the default password.
“Others, which are meant to be only accessible inside your home, such as a camera being used as a baby monitor, are made accessible over the internet when used away from the property – such as if you wanted to monitor your child while they are with a babysitter.
“When choosing to make the camera internet-accessible, it can be very easy to forget to change the standard password, or even to set up a password at all – giving the hackers access just like it did for me meaning I could see directly into the children’s bedroom.”
He advised: “If you need to be able to access your webcam while you’re not at home, make sure it asks you for a password. Don’t use anything that doesn’t allow you to set a password.”
Cyber crime is worth almost £34 billion a year. Six billion people have fallen victim to it in 2016. Among them, 1.4 million reported computer virus attacks, while 650,000 emails and social media profiles were stolen.
Security expert Hugh Simpson from Zyxel explained: “There are some basic practices that should be followed by everyone, from individual home users to the largest global enterprises. These include using strong different passwords, regularly checking for and installing software updates and implementing appropriate security software.
“These updates keep internet-connected devices secure against hackers’ ever-evolving attacks. Without them security holes get easier to find and harder to plug.”