What a pleasure it is when you tell the voice assistant to put the robot vacuum cleaner to work or when you receive a notification on your cell phone because what you are cooking in the air fryer is already ready, but what a shock when you discover that your washing machine has been hacked. And the Internet of Things brings a lot of advantages in terms of comfort, convenience and personalization, but also risks inherent to connectivity and unexpected: these are the types of attacks that your smart devices can suffer and how you can minimize risks.
While it is true that few people have their entire home automated, it is relatively common to have a smart TV at home and it is not uncommon to have a smart light bulb, a smart plug or a robot vacuum cleaner with an internet connection. We are becoming more and more encouraged and in addition, intelligent solutions are increasingly present among manufacturers’ options and their prices are becoming more democratized, so This risk grows as the number of connected devices increases..
But, Why are they going to hack something like the kitchen robot? Well, there are those who took the test to play Doom, but it is worth remembering that it has a built-in microphone and therefore, access to everything we say within its listening radius.
How can a smart device be hacked
Beyond computers, tablets or mobile phones, it can be hacked any device that has a processor inside and can connect to a network or receive information, such as Bluetooth or Wi-Fi.
From now on, the risk of suffering an attack It will depend on aspects such as the connection capacity and intensity, the information and permissions with which it works (what it has access to), whether or not it has a potentially vulnerable application to manage it, the protection implemented by the manufacturer and the updates.
From the previous point we deduce something to consider: the manufacturer and users have a lot to say. Just as we should not neglect updates and take advantage of the configuration options (be careful not to leave the password by default), the brand should offer update support.
As for how to get hold of the device and its information or insert programs inside, one of the most common and effective is Man-in-the-Middle (MitM), translated as man in the middle, which basically consists of intercepting communications. Likewise, and as can be deduced from what was explained above, they can also take advantage of security gaps that have not been corrected, default passwords and, if there is an application, attacks directed towards it.
What malware is installed on connected devices
Below we proceed to list which are the most important threats that affect smart devices and what their objective is, according to a recent report by the company specialized in security and software developer Kaspersky.
- For Distributed Denial of Service Attacks or, in short and in English, DDoS. Its operation consists of turning devices into bots that run malicious programs in order to launch this type of attacks on the server, from various devices, with the aim of stopping it from working.
- As proxy bots. Once infected, these devices serve as proxy servers that redirect malicious traffic, making them harder to track.
- Ransomware, this type of attack targets devices that store the user’s personal information, such as NAS. Thus, they hijack this data by restricting access through encryption and then demand ransoms to remove these restrictions.
- DNS change (to dangerous websites). There are attackers who enter routers and similar devices to modify the DNS configuration and thus point to malicious pages with different objectives (it can be stealing information, scams, etc.)
- For cryptocurrency mining. Paradoxically, despite the limited processing capacity of most of these devices, there are those who take control of them to mine cryptocurrencies.
How you can minimize hacking risks
As well as other devices mainstream They have specific privacy and security sections, in other cases, such as a light bulb, we will be faced with few options. In this sense it is convenient to take a look at the opinions of other users and their experiences, especially in the configuration, security and customer service section in case of possible incidents. Thus, it is worth betting on large and reputable brands, which a priori are more interested in improving the experience and generating adherence and will likely continue to exist in a few years to offer us support.
As we mentioned above, even if they are convenient, avoid default passwords and settings and if possible, choose a strong password and change it With some frequency. Likewise, during the initial configuration, carefully read the permissions you grant, think about what they are for and what the brand does with them. Being up to date is essential to avoid unpleasantness, but not only you, reading about attacks, but also your devices: as soon as an update comes out, do not delay installing it.
Sometimes we share too much information on the networks And, although it may seem silly, uploading a photo or providing data such as serial numbers or IP addresses can help make it easier for attackers.
Finally the router can be the gateway to many dangersthat is why it is advisable to carry out certain maintenance measures and take care in its configuration to avoid intruders.
Cover | Photo by Onur Binay on Unsplash
In Xataka Home | Your Airbnb may have a hidden camera in places you don’t even imagine: frequent places and how to detect them