Israeli hackers breach baby monitors, smart homes in 30 minutes
Smart home security: in its infancy, suggest researchers

Israeli hackers breach baby monitors, smart homes in 30 minutes

NEWSBYTE: Researchers at Ben Gurion University in Israel have found that a variety of off-the-shelf smart home devices, including security cameras, doorbells, and baby monitors, are extremely easy to hack.

“It is truly frightening how easily a criminal, voyeur or pedophile can take over these devices,” said Dr Yossi Oren, a senior lecturer in BGU’s Department of Software and Information Systems Engineering.

BGU researchers discovered several ways hackers can take advantage of poorly secured devices. They discovered that similar products under different brands share the same common default passwords.

“It only took 30 minutes to find passwords for most of the devices and some of them were found through a Google search of the brand,” said PhD student Omer Shwartz, a member of Dr. Oren’s lab.

Consumers and businesses rarely change device passwords when purchased so devices could be operating with malicious code for years, added researchers, who were also able to log on to Wi-Fi networks simply by retrieving the password stored in a device.

Dr. Oren urged manufacturers to stop using easy, hard-coded passwords, to disable remote access capabilities, and to make it harder to get information from shared ports, like an audio jack (which was found to be vulnerable in other studies by [email protected] researchers).

“It seems getting IoT products to market at an attractive price is often more important than securing them properly,” he said.

Read more: Vendors, users ignoring IoT security in rush to market – report

A plan for smart home safety

Dr Oren’s team have proposed a seven-point plan for the safe use of smart home products.

1. Buy IoT devices only from reputable manufacturers and vendors.
2. Avoid purchasing used IoT devices. They could already have malware installed.
3. Research each device online to determine if it has a default password. If so, change before installing.
4. Use strong passwords with a minimum of 16 letters. These are harder to crack.
5. Multiple devices shouldn’t share the same passwords.
6. Update software regularly – something only reputable manufacturers will provide.
7. Carefully consider the benefits and risks of connecting any device to the internet.

Read more: Alexa beware! New smart home tests reveal serious privacy flaws

Read more: Security camera riddled with 13 serious security flaws 

Read more: UK government proposes IoT security and device labelling scheme

Internet of Business says

We have published a number of stories that share a similar theme recently. The lesson is twofold. First, as the popularity of IoT devices and smart home gadgets increases, so will the media noise surrounding them. And second, it seems as if manufacturers – many of them with zero track record in cybersecurity – are indeed rushing products to market with basic security flaws easily exposed.

Read more: IIoT security: How to secure the Internet of Threats, by IBM

Chris Middleton
Chris Middleton is the editor of Internet of Business, and specialises in robotics, AI, the IoT, blockchain, and technology strategy. He is former editor of Computing, Computer Business Review, and Professional Outsourcing, among others, and is a contributing editor to Diginomica, Computing, and Hack & Craft News. Over the years, he has also written for Computer Weekly, The Guardian, The Times, PC World, I-CIO, V3, The Inquirer, and Blockchain News, among many others. He is an acknowledged robotics expert who has appeared on BBC TV and radio, ITN, and Talk Radio, and is probably the only tech journalist in the UK to own a number of humanoid robots, which he hires out to events, exhibitions, universities, and schools. Chris has also chaired conferences on robotics, AI, digital marketing, and space exploration, and spoken at numerous other events.