These things may be cool, but are they safe? | WeLiveSecurity

These things may be cool, but are they safe?

In the rush to embrace IoT devices, we shouldn’t trade in our privacy and security for the added convenience

In the rush to embrace IoT devices, we shouldn’t trade in our privacy and security for the added convenience

Ours is an interconnected world. We have smart doorbells, so we can check on our smartphones who rang, smartwatches to track our children’s’ locations, and fitness trackers to see how we are doing with our physical health. The Internet of Things revolution has even swept our households with a whole range of smart home appliances ranging from smart tea kettles to smart washing machines to smart fridges.

All of this makes life easier, but it doesn’t necessarily mean that it makes our life more secure. Being able to manage most of your household from your smartphone may be convenient, but are the gadgets you choose safe? Here are some of the Internet of Things (IoT) gizmos that may, for convenience’s sake, infringe on your privacy.

Child trackers and watches

The priority of any parent is to keep their children safe. In a bid to keep track of their offspring in a steadily more digitized world, some parents opt for smartwatches with tracking capabilities, so they can see where their little ones are if they go out on a playdate, and even communicate with them if need be. But not all kid trackers are a great choice – if you want to buy an off-brand smartwatch, you should most definitely be picky about what you’re choosing.

Unfortunately, manufacturers may have gaping holes in, for example, the security of their servers … and that could inadvertently put your children at risk instead of keeping them safe. Case in point:  with one smartwatch model, researchers were able to access the location, phone number, photos, and conversations of well over 5,000 children, due to the manufacturer not securing their servers properly. By no means is that an isolated case, children’s smartwatches have raised privacy concerns before; in fact, the European Commission even ordered a recall of one such product.

Smart doorbells

These days, you needn’t even get up from your bed or couch to see who’s at the door or even to open it. Well, that’s the convenience a smart doorbell in combination with a smart lock affords you; you can just check from your smartphone. You might think that the convenience is usually worth the price, with an extra safety boon that some doorbells record all of the movement that takes place in front of them.

While everyone can appreciate the effort to keep your family and home safe, you have to do your due diligence on smart doorbells before buying one. For example, researchers have found that some smart doorbells perform unexpected tasks. One particular model uploaded snapshots every time someone moved in front of them; you’d think that was normal but, curiously, there was no way to access these snapshots or find out where they were being uploaded. It’s better to thoroughly research what you are buying so you reduce the odds of being the one that’s eventually spied upon.

Cheap smart security cameras

Keeping up with the security theme, another popular type of IoT device is the smart security camera. People tend to install them to keep track of what is happening inside and outside of their homes or small businesses. Since they are IoT devices, logically they are connected to the internet and their safety depends solely on how well the connection and the data are secured. If a cybercriminal is able to hack the device and gain remote access to it, they have a direct feed into your home, which is safe to say the worst-case scenario.

Unfortunately, cheap IP camera models aimed at protecting your family and belongings are among the most-hacked devices. And since cheap devices are manufactured in a similar manner, they share similar vulnerabilities. It isn’t just direct attacks customers should worry about, but bugs as well. One such bug in a Xiaomi device shared random images from strangers’ homes with other camera owners.

Smart home hubs

The smart home hub is at the center of your connected home devices — metaphorically speaking, we can call it the brain of the whole operation. It unifies all of the IoT devices under it – such as your security cameras, your smart doorbell, lights, and whatever other smart gadgets – and helps control them from one convenient place. And smart hubs aren’t just used to monitor and control smart homes, but they’re used to control environments in businesses as well.

By now you may have an inkling of where this is going. If a vulnerability is found and exploited it could mean that the bad actors could gain full access to devices in these monitored systems and to the sensitive data they contain. ESET IoT Research has found numerous serious vulnerabilities in three hubs, some of which would open up their systems to attack.

Final thoughts

If you are in the market for IoT devices that will make your life easier and more convenient, there are a number of rules that you should follow:

  • Before purchasing anything, always do your research. Read up on the device you’re thinking of buying, consider reading user reviews, and see if they can be trusted. Search Google for the brand name, and even the model name, together with “security vulnerability” or a similar word combination. If there were any security issues, confirm that they have been resolved and no longer affect the device.
  • Refrain from buying off-brand devices, if you cannot verify how they secure your data or where they upload it. Saving on the purchase price of a device may come at a heftier cost later on, such as your data being stolen.
  • Once you purchase a device, always update its firmware to the newest possible version. If a patch is released, install it immediately, since they are usually aimed at making your device more secure. If you don’t: hackers can exploit vulnerabilities to access your devices, something that you might have prevented if you had installed the patch that addresses these issues.

Discussion