Common passwords shared across brands leave smart home tech open to hacking

Israeli security researchers claim it just takes a quick Google search to find login details

Researchers at Israel's Ben-Gurion University have found that smart home devices can be easily hacked and then used to spy on their users.

According to a research paper, Yossi Oren of Ben-Gurion University's software and information systems engineering department said that there were a number of ways hackers can take advantage of poorly secured devices.

Advertisement - Article continues below

Such devices include baby monitors, home security and web cameras, doorbells, and thermostats. 

They discovered that similar products under different brands share the same common default passwords. Consumers and businesses rarely change device passwords after purchasing so they could be operating infected with malicious code for years.   

Researchers were also able to log on to entire Wi-Fi networks simply by retrieving the password stored in a device to gain network access.

"It is truly frightening how easily a criminal, voyeur or paedophile can take over these devices," said Dr. Yossi Oren, a senior lecturer in BGU's Department of Software and Information Systems Engineering.

"Using these devices in our lab, we were able to play loud music through a baby monitor, turn off a thermostat and turn on a camera remotely, much to the concern of our researchers who themselves use these products."

Omer Shwartz. a PhD student and member of Oren's lab, said that it only took 30 minutes to find passwords for most of the devices and some of them were found "merely through a Google search of the brand".

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"Once hackers can access an IoT device, like a camera, they can create an entire network of these camera models controlled remotely," noted Shwartz. 

Oren urges manufacturers to stop using easy, hard-coded passwords, to disable remote access capabilities, and to make it harder to get information from shared ports, like an audio jack which was proven vulnerable in other studies by Cyber@BGU researchers.

"It seems getting IoT (Internet o Things) products to market at an attractive price is often more important than securing them properly," he said.

Yael Mathov, a Masters student who also conducted the research, said that he hoped the findings hold manufacturers more accountable and help alert both manufacturers and consumers to the dangers inherent in the widespread use of unsecured IoT devices.

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement

Recommended

Visit/security/privacy/355182/government-to-launch-coronavirus-contact-tracking-app
privacy

UK government to launch coronavirus 'contact tracking' app

1 Apr 2020
Visit/software/video-conferencing/355180/zoom-does-not-use-end-to-end-encrypted
video conferencing

Zoom admits meetings don't use end-to-end encryption

1 Apr 2020
Visit/security/355013/10-quick-tips-to-identifying-phishing-emails
Security

10 quick tips to identifying phishing emails

16 Mar 2020
Visit/business-strategy/mergers-and-acquisitions/354941/panda-security-to-be-acquired-by-watchguard
mergers and acquisitions

Panda Security to be acquired by WatchGuard

9 Mar 2020

Most Popular

Visit/security/privacy/355155/zoom-kills-facebook-integration-after-data-transfer-backlash
privacy

Zoom kills Facebook integration after data transfer backlash

30 Mar 2020
Visit/security/data-breaches/355173/marriott-hit-by-data-breach-exposing-personal-data-of-52-million
data breaches

Marriott data breach exposes personal data of 5.2 million guests

31 Mar 2020
Visit/security/cyber-crime/355171/fbi-warns-of-zoom-bombing-hackers-amidst-coronavirus-usage-spike
cyber crime

FBI warns of ‘Zoom-bombing’ hackers amid coronavirus usage spike

31 Mar 2020
Visit/data-insights/data-management/355170/oracle-cloud-courses-are-free-during-coronavirus-lockdown
data management

Oracle cloud courses are free during coronavirus lockdown

31 Mar 2020