- Check Point Software indicates a sharp rise in the number of cyberattacks aimed at IoT devices, observed in all regions and sectors. Europe experiences the most incidents per week with an average of nearly 70 IoT attacks on organizations each week (WEF).
- “Smart homes” can certainly make life easier, but they also open the door for hackers. Recent research showed that smart homes can experience up to 12,000 break-in attempts per week. And most people don’t even know this is happening.
As many as 75% of Poles have at least one smart device in their homes and 60% wish to control all household devices from one application. Worldwide, over 37 billion home IoT devices are connected, and this number is expected to grow to 38.6 billion in 2025, and then 50 billion by 2030. However, convenience and comfort can come at a high cost – devices can represent a hidden loophole in security and increase the risk of being a victim of cybercrime, warn experts from Check Point Software.
The costs of cyber attacks are high – studies by PSAcertified show that the average cost of a successful attack on an IoT device exceeds $330,000. According to the latest Business Insider report, hackers can take control of a home and disable smart locks and other sensitive electronic devices even from a distance of 360 feet using a simple $14 laser pointer!
Although technology is gaining popularity, experts from NASK warn that it can pose a serious threat. Any device connected to the network can be hacked and used for cyber attacks. Such devices can become so-called “zombie bots”, used by hackers for criminal activities and, in the case of our home, cause a significant breach of the budget.
“Home IoT devices are prime targets for advanced cyber threats due to the perfect combination of vulnerability to threats and high value. They often contain many security flaws, uncertain integration, outdated software, faulty configurations, exposed services, and poorly designed security features. These devices – serving millions of users – are key elements of modern digital infrastructure, linking millions of users. A single loophole can lead to widespread breaches, threatening and affecting entire networks and disabling basic services,” emphasizes Antoinette Hodes, a cybersecurity expert at Check Point Software Technologies.
Check Point Software indicates a sharp rise in the number of cyberattacks aimed at IoT devices, observed in all regions and sectors. Europe experiences the most incidents per week with an average of nearly 70 IoT attacks on organizations each week (WEF).
Security Boulevard estimates that IoT devices account for 30% of all endpoints connected to the network, creating opportunities for new attacks and supply chain security gaps, making many firms and individuals targets of cybercriminals. According to a Rambus report, an estimated 80% of IoT devices are vulnerable to a wide range of attacks.
Check Point explained how cybercriminals exploit household items connected to the Internet to spy on people and track them. As homes become increasingly technologically advanced and connected, the role of home gateways – devices connecting home networks to the Internet – has become more critical than ever. These routers, once considered simple channels for Internet access, are now the gatekeepers of entire smart ecosystems, controlling everything from security cameras to connected devices. But this convenience comes at a cost: routers are increasingly the target of cybercriminals, so reliable security measures are essential.
Even though a smart fridge notifying you when you are low on milk seems harmless, experts examined whether users of smart home technology are more vulnerable to cyber attacks and malware due to the numerous unprotected devices connected to the Internet in their homes.
Landscape of a Growing Threat
Malicious attacks on vulnerable smart home systems can not only damage the device or disrupt its functionality, but often they are just a step into cybercriminal activities. Smart home devices often collect and transmit personal data. If cybercriminals break into these devices, they can gain access to sensitive personal data, such as user habits, schedules, and even voice and video recordings, which can be sold to third parties, and exploited inappropriately.
This data is often used to try to sell you products that may interest you, but in more extreme cases, it may include financial information, such as your credit card data, which criminals can sell on the darknet. Attacked IoT devices can also be taken over by the attacker to create botnets, or networks of infected devices controlled by cybercriminals. These botnets can launch Distributed Denial of Service (DDoS) attacks on companies, which flood the website until it fails, causing disruption to customers and costing the company money, time, customers, and even its reputation.
“As remote working and smart homes become more popular, routers have become a prime target for cyberattacks. Attackers exploit the weaknesses of consumer-grade devices, targeting vulnerable routers to infiltrate home networks. These breaches are not limited to isolated cases of data theft; they can threaten entire networks, causing destructive consequences such as financial fraud, ransomware software attacks, and spying,” explain Check Point experts.
Attacks on IoT devices such as refrigerators, vacuum cleaners, televisions, lamps, or even toothbrushes can invade users’ privacy, and ultimately result in data theft. According to a report published by the Swiss newspaper Aargauer Zeitung, 3 million smart toothbrushes were infected by hackers and taken over by botnets. The source report indicates that this army of interconnected tooth cleaning tools was used in a DDoS attack on a Swiss company’s website, which collapsed under the strain, reportedly resulting in losses estimated at millions of euros. “Any device connected to the Internet could be a potential target or could be used for an attack,” explained a cybersecurity expert quoted in the Swiss newspaper.
Another example of a “dangerous home device” is a refrigerator equipped with a camera that can be remotely controlled, with a hacker able to gain access to this image and track the actions of the household members. The device can pass on information about dietary preferences and purchases, which can later be used to direct personalized phishing attacks.
In 2017, the Federal Trade Commission (FTC) levied a fine on TV manufacturer Vizio for collecting user viewing histories on its smart TVs for targeted advertising. Hackers can collect the same information to inform spear phishing attacks or learn more about the user to more effectively bypass passwords and security questions. Some smart TVs also come with microphones that cybercriminals can use to eavesdrop on users.
Other examples of IoT-based attacks include botnet infections, transforming devices into zombies to participate in distributed “denial of service” (DDoS) attacks, ransomware attacks, and spreading, as well as mining cryptocurrencies and using IoT devices as proxy servers for the darknet.
From smart TVs to baby monitors and even intelligent devices and bulbs – anything at home that connects to Wi-Fi is susceptible to hacker attacks.
In August 2023, analysts from UK and Italian universities jointly published work on cryptographic security gaps in a widely known model of “smart” bulbs – one of the best-selling and most popular bulbs of its kind. As it turns out, many IoT devices, like the bulb in question, are designed to be easily configured via Wi-Fi. The scientists proved that a potential hacker could impersonate an access point and force the victim to connect to their network instead of to the bulb. This is possible, as the authentication process does not use secure standards.
“Any device connecting to a Wi-Fi network is like a new entrance to the home. Many users of smart home devices are not fully aware of the security threats associated with IoT devices and often lack knowledge of how to properly secure them. This lack of awareness can result in poor security practices, such as leaving default passwords unchanged or neglecting regular hardware software updates,” emphasizes Wojciech Głażewski, director of Check Point Software in Poland.
Many IoT devices, such as smart toasters, fridges, lighting, plugs, and even toothbrushes prioritize convenience and ease of use, meaning they often connect directly to the network without any additional security measures such as two-factor authentication. Having one or two devices that are unsecured, still poses a risk, but in most cases, it probably won’t be a problem.
The more devices at home, the greater the risk
“Smart homes” can certainly make life easier but they also open the door for hackers. One of the recent studies revealed that smart homes can experience up to 12,000 break-in attempts a week. Yet most people aren’t even aware that such a thing is happening.
IoT devices can also be an entry point to other devices in the home network – cybersecurity experts stress. This way a simple home IoT device can become an access point to the router and, ultimately, to the work laptop.
“As per our consumer research, including highly tech literate individuals, we all focus on securing smartphones and computers (laptops, tablets, or desktops), which are often connected to home IoT devices. While the level of security from the smartphone to the IoT device is high, the reverse, i.e., from the IoT device to the smartphone, is minimal. This leads to a range of threats – from physical home theft to stealing the personal information of the majority of household members. Devices connected to the network paired with our smartphones or computers give cybercriminals huge opportunities to even learn about our eating habits,” says Leszek Cieloch, expert at the European Security Group (ESG) and Business Journal Polska, co-author of the report.
Government regulatory bodies are working on a cybersecurity safety labeling program, under which devices meeting security standards will be able to be marked with a special certificate. However, until this program is implemented, users have to take care of their own security and review individual device security features.
Devices for smart homes have gained huge popularity in a relatively short time. Although the proliferation of connected gadgets is convenient, it also poses serious security risks. Connected fridges and light bulbs are not inherently harmful to most people – and that’s part of the problem.
As smart homes become more popular, the risk will only increase. Education is the first step in combating these threats, so here are some of the most popular and surprising smart home devices that can be risky.
“This gap in knowledge and practices significantly increases the vulnerability of smart home ecosystems to cyber attacks and breaches. Homeowners, however, can substantially reduce these risks and enjoy the convenience of a smart home safely by implementing appropriate security measures and staying updated on potential threats,” concludes Wojciech Głażewski from Check Point Software.
Source: https://managerplus.pl/domowe-urzadzenia-iot-na-celowniku-hakerow-11006