AN investigation into smart home gadgets has revealed that crooks can hack into your home network and connected appliances in just four days.
Gadgets such as the Amazon echo and Cloud Pets soft toys are all susceptible to being hacked by cyber criminals, research shows.
The investigation was undertaken by consumer group Which? to test whether popular smart gadgets and appliances in homes could stand up to a possible hack.
The consumer body said: “With so many new and different products entering the market, [we’re] concerned that some appliances pose a risk to consumer security and privacy.”
The group set up a home with a host of smart gadgets – from wireless cameras, to a smart padlock and a children’s Bluetooth toy – and hired a team of ethical security researchers, SureCloud, to hack them.
It found that while some of the devices proved harder than others to infiltrate (such as the Amazon Echo), eight out of 15 appliances were found to have at least one security flaw.
They include the Virgin Media Super Hub 2 router, which SureCloud was able to gain access to in just a few days.
And the CloudPets stuffed toy, which enables family and friends to send messages to a child via Bluetooth, was hacked into by SureCloud – which was then able to make it play its own voice messages.
In light of the investigation, the majority of manufacturers included have beefed up their software and security.
Virgin said that as well as informing 800,000 customers to update their password, it is also in the process of upgrading its customers to the more secure Super Hub 3.
A Virgin Media Spokesperson said: “The security of our network and of our customers is of paramount importance to us. We continually upgrade our systems and equipment to ensure that we meet all current industry standards.”
Smarter, whose coffee machine was included in the investigation, said: “Smarter takes product and customer security very seriously and prides itself on embedding state-of-the-art protective technologies into every layer of end-to-end ecosystem.”
Amazon, despite being a “largely secure device” also contained at least one security flaw, Which? found.
In response to claims that hackers could access people’s Echo gadgets and potentially order goods from their account, Amazon said: “Orders placed with Alexa for physical products are eligible for free return.”
How to enhance the security on your smart gadgets and devices
- SET strong passwords: Many smart devices come with generic default passwords that are easy for hackers to guess. Set a strong and unique password, ideally with a jumbled mix of letters, numbers and special characters
- Update your software: Keeping software or firmware updated means that the latest security is installed on the device
- Complete the set-up: All smart devices should be connected to a secure wi-fi network. This is because many use their own wi-fi during the set-up process which, if left unsecured, is an easy target for attackers located within range of the device
- Location, location: Be mindful of where devices are located in the home. Those close to windows or behind thin doors can be more easily accessed from outside.
Will Liu, country manager at TP-Link UK, said: “Security and privacy are a top priority for TP-Link.
“The Which? report shows how important it is for consumers to keep their network and data safe. Since the magazine reviewed our Smart Plug we have tightened security via our Kasa App, which controls all our smart devices.”
Alex Neill, Which? managing director of home products and services, said: “There is no denying the huge benefits that smart-home gadgets and devices bring to our daily lives.
“However, as our investigation clearly shows, consumers should be aware that some of these appliances are vulnerable and offer little or no security.”
Which? added that despite the popularity of these products and the benefits they bring, they believe that wider action is needed to close security loopholes so that the maximum benefits to consumers are realised.
“The industry must take the security of internet-enabled and smart products seriously, by addressing the basics such as ensuring devices require a unique password before use, using two-factor authentication, and issuing regular security updates for software,” they said.