How Worried Should You Be About Smart Home Security?

[♪INTRO] One Friday in October 2016, a big chunk of
the Internet went missing. The internet company Dyn, which routes traffic
to Twitter, Netflix, and thousands of other sites, had been paralyzed by bogus requests
from hundreds of thousands of computers, all infected with a malicious software called
Mirai. But these weren’t any old computers. Many were webcams, smart light bulbs, fitness
trackers, and other everyday devices that connect to the internet. Collectively, they’re known as the Internet
of Things, or IoT. As these gadgets gain new abilities, like
how a wi-fi enabled doorbell might be able to unlock your front door, they also offer
fresh opportunities to cybercriminals. So just how worried should you be about that
smart toaster? And what can we do to make our stuff safer? Internet of Things gadgets are vulnerable
to the same takeovers as regular computers. But their access to the physical world can
make the consequences much bigger. For instance, if your livestreaming dog monitor
is hacked, your private data can be exposed — things like pictures of your family or
the layout of your house. Or someone could make your kid’s wi-fi enabled
talking teddy bear say anything. That’s pretty creepy, but it gets even scarier
when you replace the teddy bear with a home security system, a car, or a pacemaker. The damage isn’t limited to the thing that’s
been hacked, either. A lot of these devices, and sometimes even
your laptop, assume that they can trust other machines connected to your home wi-fi network. So if your smart water bottle is compromised,
the hacker might be able to send commands to the smart lock on your door, too. Now, there are also serious risks beyond individual
owners. The most common thing that hackers do with
their machine victims is weaponize them into botnets—armies of enslaved drones. Then, criminals can hide their nefarious activities
behind the normal internet traffic of thousands of machines. For example, in 2014, a massive botnet that
included TVs, routers, and at least one smart refrigerator, was caught sending millions
of spam emails. And if a botnet like Mirai suddenly floods
a company like Dyn with traffic, it can take down web services in a distributed denial-of-service
attack. It’s like if your telephone was forced into
a pool of a thousand auto-dialers constantly calling a pharmacy: real calls can’t get
through, and there are so many involuntary fake calls that the company can’t block
them all. Now, these issues aren’t unique to the Internet
of Things. But IoT devices are extra vulnerable. Manufacturers bring them to market as quickly
and cheaply as possible. All too often, the place they cut corners—you
guessed it—security. Many companies grab off-the-shelf software
and don’t customize it for each device. For instance, smart light bulbs don’t need
printing software, but manufacturers might not bother to delete it from the stock operating
system. So if the chunk of code that accepts files
for printing mistakenly allows a hacker to inject their own program, you’re in trouble. And these things rarely update automatically;
nobody wants to flip the light switch and hear, “Please wait until your lights finish
updating.” So even if a security bug is fixed, those
app-controlled bulbs may never hear about it. Plus, any operating system is only as secure
as the password you need to log in and make changes. And manufacturers of IoT devices often set
passwords to dumb, predictable defaults like “admin1234”… and who changes the password
on their smart egg tray, anyways? To make matters worse, the hardware might
have too little memory and processing power to run standard defenses like firewalls, which
try to block unwelcome intrusions from the internet. And how would you even know that your smart
weight-loss fork is infected with a virus when its only way of communicating is buzzing? Finally, the sheer scale of the Internet of
Things intensifies the problem. Mirai grew way bigger than most botnets simply
because there were so many vulnerable IoT devices. So…this can all sound pretty terrifying. But the truth is that for now, the main threat
to an average user is garden-variety data theft. Most of the fancier attacks are too difficult
and their payoffs are too low for crooks to bother. After all, if your enemies are so committed
that they’ll track down your glucose monitor and hack it, you probably have other things
to worry about beyond IoT security. But it may not be long before a hacker can
lock your smart thermostat at its max while you’re on vacation, running up your energy
bill until you pay a ransom. If manufacturers don’t start baking security
into the design of their products, experts worry that we’re heading for a trainwreck. They suggest a couple of solutions, including
being selective with what data to record, and encrypting whatever data is sent around. They also recommend that manufacturers set
a unique default password for each device and only accept commands from someone who’s
logged in. Automatically monitoring for suspicious activity
would help, too. There are also a few steps you can take to
protect yourself from your devices: You can manually check the manufacturer’s
website for updates and change any passwords that the software allows you to. Don’t put webcams anywhere you wouldn’t
broadcast. Isolate smart devices on separate wi-fi networks
from your computers and phones. You can do that with a second router, or on
some routers you can just set up a second untrusted “guest network.” And, y’know, consider whether you really
need that hairbrush to connect to the internet. Ultimately, though, it’s going to take pressure
from all of us. Manufacturers need to hear that we don’t
just want cool features, but guarantees that they’ll keep us safe. Thanks for watching this episode of SciShow,
which is produced by Complexly, a group of people who believe the more we understand
about the world we live in, the better we get at being humans. If you want to learn more about this stuff,
check out the Crash Course computer science series at [♪OUTRO]

, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Post navigation

9 thoughts on “How Worried Should You Be About Smart Home Security?

  1. how badly does the government want to kill you that is the question before getting a house like this

    thank you for this awesomely ha bisky vid and i am against this type of technology like car and houses

    i am lucky i had a sweetheart hacker that loved to hack into my laptop but i had some great passwords he coudnt guess because i can type backwards fast

  2. I surprised that no one ever raises the issue of how much control over our lives we are relinquishing to the corporations who manufacture and administer IoT devices. Let the brainwashing begin…

  3. SMART is AGENDA 21. Health problems from wireless. It’s like living with a Tower in your home! Take the crap out for the safety of your health

  4. I have a solution: use appliances and in-home electronics that don't require internet connections. You know. Like, every known device manufactured over the past 100 years.

Leave a Reply

Your email address will not be published. Required fields are marked *