Israeli researchers say smart home devices can be hacked, then spy on its users

March 15, 2018 by JNS
Read on for article

Researchers at Israel’s Ben-Gurion University have revealed that off-the-shelf smart devices like baby monitors, air conditioners, robot floor cleaners, cameras and doorbells can be corrupted by malware and used to spy on users.

The popular iRobot Roomba. Smart home devices like this can corrupted by malware and used to spy on users, according to Israeli researchers.
Photo: Wikimedia Commons

In a paper appearing in Smart Card Research and Advanced Applications, Yossi Oren of Ben-Gurion University’s software and information systems engineering department revealed that almost any nonstandard computing device that can connect to a wireless network can be used to transmit data.

The senior lecturer noted that many web-connected devices “lack even basic security protections such as secure password authentication,” and that thousands of “Internet of Things” devices are infected with malware, with many more left vulnerable.

The researchers conducted a test and were able to reverse engineer several home devices using low-cost methods, uncovering serious security issues.

“It is truly frightening how easily a criminal, voyeur or pedophile can take over these devices,” said Oren. “Using these devices in our lab, we were able to play loud music through a baby monitor, turn off a thermostat and turn on a camera remotely, much to the concern of our researchers who themselves use these products.”

The BGU researchers discovered that the same default passwords are used for similar products sold under different brands, and that consumers and businesses rarely change them after purchase.

The paper urged consumers not to buy used devices that could already have malware installed and to change passwords after purchase.

JNS

Speak Your Mind

Comments received without a full name will not be considered
Email addresses are NEVER published! All comments are moderated. J-Wire will publish considered comments by people who provide a real name and email address. Comments that are abusive, rude, defamatory or which contain offensive language will not be published

    Rules on posting comments