How Hackers Target Smart Home Devices

With more and more homes adding smart devices, hackers have more opportunities. Here's how they get in.

In late 2019, a hacker gained access to a family’s Ring smart camera and used it to encourage an eight-year-old girl to get into trouble. The FBI has also warned that hackers can do a “virtual drive-by” of your digital life by accessing unsecured smart devices.

It’s clear homeowners need to be diligent when it comes to protecting their smart home from attack. To better understand how hackers gain access to our smart devices, we asked Alan Grau, vice president of Internet of Things (IoT) for Sectigo, a provider of web security and automated public key infrastructure (PKI) management solutions, to share how devices can be compromised.

A Variety of Attacks

Hackers gain access to smart home devices in a variety of ways, depending on the security built into the device, according to Grau. There are almost as many different attacks as there are smart home devices that have been attacked.

Finding a Way In

First, a hacker needs to find a device to hack. This can be done using network scanning tools, or by searching for devices using Shodan, a search engine that catalogs devices connected to the internet. (You can also use Shodan to find vulnerabilities in your network so that you can fix them.) In some cases, the first device discovered is a home gateway or router. Once they find one smart home device to compromise, the hacker will repeat the process to find other devices to attack.

Getting In and Attacking

Once a smart device is found, the hacker needs to gain access. Some of the easier ways to hack into your smart devices revolve around your password. For example, some devices ship with default or hard-coded passwords, and hackers share information on these passwords. Another approach exploits the tendency to use the same password on multiple devices and web-based accounts.

If a password is stolen in a data breach, hackers will try that password to log into other services and devices. This was a root cause of several well-known hacks of Nest doorbells and cameras, according to Grau.
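The three password weaknesses described above (default credentials, reuse across devices and accounts, and passwords exposed in a breach) can be checked against your own inventory. This Python example is added here and is not from the article or from Sectigo; the device names, the default-credential list and the breached-password set are constructed sample data.

```python
import hashlib
from collections import defaultdict

# Constructed sample data: every name, user and password below is invented.
KNOWN_DEFAULTS = {("admin", "admin"), ("admin", "password"), ("root", "12345")}
# Stands in for a breach corpus; such lists are commonly distributed as SHA-1
# hashes, which is the only reason SHA-1 is used here (never for storage).
BREACHED_SHA1 = {hashlib.sha1(b"Summer2019!").hexdigest()}

INVENTORY = [
    {"name": "hallway-camera", "user": "admin", "password": "admin"},
    {"name": "video-doorbell", "user": "owner", "password": "Summer2019!"},
    {"name": "webmail", "user": "owner@example.com", "password": "Summer2019!"},
    {"name": "thermostat", "user": "owner", "password": "t7#Lq9!vZx2m"},
]

def audit(inventory, known_defaults=KNOWN_DEFAULTS, breached_sha1=BREACHED_SHA1):
    """Return {entry name: sorted list of findings} for entries with a problem."""
    findings = defaultdict(set)
    by_password = defaultdict(list)  # password hash -> names that use it
    for entry in inventory:
        digest = hashlib.sha1(entry["password"].encode()).hexdigest()
        by_password[digest].append(entry["name"])
        # Weakness 1: the device still uses a factory default login.
        if (entry["user"].lower(), entry["password"]) in known_defaults:
            findings[entry["name"]].add("default-credentials")
        # Weakness 3: the password already appears in a breach list.
        if digest in breached_sha1:
            findings[entry["name"]].add("password-in-breach")
    # Weakness 2: the same password protects more than one device or account,
    # so one stolen password opens all of them.
    for names in by_password.values():
        if len(names) > 1:
            for name in names:
                findings[name].add("reused-password")
    return {name: sorted(tags) for name, tags in findings.items()}

if __name__ == "__main__":
    for name, tags in audit(INVENTORY).items():
        print(f"{name}: {', '.join(tags)}")
```

Any entry that appears in the output needs a new, unique password; entries absent from the output passed all three checks.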

Hackers also go after known vulnerabilities. Many smart home devices have publicly catalogued security problems, listed as Common Vulnerabilities and Exposures (CVEs). The CVE program, sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA), is a way to report known security issues so companies can address them. But fixes don’t always happen quickly, and even when they do, devices in someone’s home may not be updated, said Grau. This leaves an opening for hackers.

Hackers may also exploit security flaws not publicly disclosed, or attack weak or outdated encryption algorithms.

Once the hacker has gained access, they can do a variety of nefarious things — setting up accounts to use later, installing malware or malicious firmware, stealing data or remotely controlling your device.

How to Protect Yourself

There are several ways you can protect your smart devices from attack. First, use complex and different passwords for all your accounts. Password manager apps like Myki Password Manager & Authenticator or LogMeOnce Password Management Suite Premium can help with this.

Next, if you bought your router a few years ago, upgrade to ensure that you have the best and most updated security possible. Finally, if you are given a password for a device, be sure to change it right away. A little prevention can go a long way toward keeping your home safe.

Alina Bradford
Alina Bradford is an award-winning writer of tech, health and science topics. Her work has been featured by CBS, CNET, MTV, USA Today and many more. Visit her website at alinabradford.com.