However, the whole scenario described above could also lead to you acting a top chart move Title: “When the smart home becomes a nightmare.” Nothing happens when you get to the front door: Face and iris seem to be forgotten. You open the door only to enter the unusually dark house with freezing cold. Your smartphone and then automatically shuts off, The TV automatically switched on – but instead of the evening program, you get a live feed of your self on the Tv screen – cameras send straight signals to the TV. In the background, you already hear the sirens of the fire brigade.
What on earth’s sake happened? Sorry!!! Your smart home has been hacked
Our study from Research has found that only 10.1 percent of Africans live in a smart home and another 20 percent are interested in doing so.
A catalyst for the Internet of Things in your own home is the smartphone. There are currently 2.6 billion smartphone users in the world; by 2020, their number is expected to rise to 6 billion. The pocket computer together with the mobile web and various sensors form the communication infrastructure – and at the same time, it is the control center for Smart TV, networked thermostats or the intelligent refrigerator.
The speed at which we adopt new technologies and integrate them into our everyday lives has increased significantly in the smartphone age. Thus, the Internet of Things has developed rapidly from an early adopter market to mainstream. The safety aspects of the smart devices are getting a little under the wheels.
The study by Specialist has also revealed that 74.8 percent of Africans are afraid of hacker attacks in the smart home. 80.8 percent fear for their privacy. These concerns are not unfounded because almost every week vulnerabilities in networked products come to light. This is hardly surprising, since the networked thermostat costs as little as possible, but should be able to do a lot. Safety is left behind, especially as it lacks uniform international standards as well as clear responsibilities.
Does the router provider need to ensure security or the developer of the smart home helpers? Currently, the customer himself seems responsible for his protection and his privacy.
The threat
AV-Test’s antivirus experts tested seven smart home products for their safety in 2014. There were four products because of gross safety deficiencies. Hewlett Packard’s researchers are also skeptical of many of the products on the market: In their 2014 study on the Internet of Things, they said they tested ten of the most popular products – without naming them. 70 percent of the products then communicated via unencrypted network services: a hunt for hackers.
80 percent were satisfied with weak passwords a la 12345. For the majority of the devices, the HP experts also found security weaknesses, which help hackers to find out the names of user accounts or inject malicious code. Annoying: 90 percent of devices collected personal information about the user, such as name, address or even credit card number.
The lack of security awareness of some manufacturers is particularly threatening because smart home products are a growth market. According to Wirtschaftswoche, market researchers expect sales of 15.2 billion dollars worldwide in 2015 – three times as much as in 2012. Does this mean that in the future you will hear more frequently about security problems such as the hacked toilet from Lixil?
In 2013, security experts from Trustwave found a gap here, with which hackers can open and close the lid remotely and trigger the bidet function or the built-in hair dryer. The manipulation was carried out via Bluetooth, a widespread wireless technology that is on board in virtually all mobile devices such as laptops or smartphones. Any attacker with a Bluetooth device can overhear the radio traffic of a smart home device using this technology.
There is also software such as BTCrack, with which hackers crack the encryption of such connections. Once cracked, it’s usually not difficult to send your orders. The only protection is the low range of Bluetooth. An attacker must approach the device for about ten meters to hack it.
Manipulate routers
Another attack vector is the router itself. As with other manufacturers, AVM has also been known to have vulnerabilities in router firmware in the past. An example is the attacks on a Fritzbox! -Sicherheitsluecke from February 2014. About this attackers could carry expensive telephone calls over the routs of their victims. This gap has long been closed by a security update. Nevertheless, it is not excluded that new gaps occur with new firmware or operating system versions. Incidentally, Fritz! Dect 200 automatically updates the socket firmware. The described gap presupposed that for the respective routers the Internet access was activated. However, you need exactly this function to control the Fritz! Dect-200 sockets remotely.
In addition to Internet access, there are other ways to manipulate a router. For example, via the web interface of the respective device. This works like this: If the user is currently logged on to the router with his PC, you can give his browser a fake web address in the form https://192.168.1.1/? Command = push firewall off. It does not help that the side of the router has just been closed. The browser still forwards the command to the router.
The technique is called cross-site request forgery (XSRF, side overlapping request forgery ). Pushing the dangerous web address can be done in different ways: about malware on the computer, a fake link or a script on a website. Simple countermeasure: After configurations on the router you should always close the browser and restart. Of course, the router should be backed up by a strong password. Another potential point of attack is the Universal Plug and Play (UPnP) protocol, which you can enable on many routers.
Take data thieves with Wireshark
If you are worried about your privacy, you have to investigate if you are being spied on. As a user, you can control what your Smarthome devices will send to the Internet if your router has a log function (this is the case, for example, with Linksys, Fritzbox or Speedport models). If you have successfully logged the data on your line, you need two things: basic knowledge of network technology – at least as far as IP addresses and protocols are concerned – and an analysis tool such as the free Wireshark. Download the log file to Wireshark and evaluate it. Now you can see exactly who sparks over your network and perhaps spy on you.
The smart home brain “Hub”: This allows Smart Hubs to be hacked
Let us consider the ultimate steps which can help you stay safe from these hackers, and in turn help you keep your house and your personal data safe!
But the devices do the bulk of the work independently without human intervention. This is made possible by tiny, embedded components, which ensure that almost everything can be “connected.” They build on the fact that home and business networks are online and often process data online through cloud-based software that can analyze huge amounts of data from many different users together. To communicate with the outside world or, for example, the smartphone, networked devices typically connect to the Internet via a home Wi-Fi network and a router. Thus, the smartphone and the router are the most important keys to your smart home.
The following six tips are designed to help you build more security in your connected home.
1. Secure smartphone
The smartphone is the command center of the smart home. On the way, it is checked whether the stove is switched off or the heating is turned on so that it is cuddly warm in the apartment after work. If the smartphone is lost or hackers access the device via insecure apps, it quickly becomes icy in the networked home.
It makes sense, therefore, to install a mobile security solution on the smartphone. In case of theft, you can use it to block access to the mobile phone or to check an app before installation. A password for the key lock is understood by itself.
2. Change the password of your router
For both the router management software and the SSID, default passwords such as “admin” or “12345” are usually already preconfigured in the delivery state. SSID is a generic term for the network name: When setting up a home wireless network, set a name to distinguish it from the other networks in the neighborhood. That’s the SSID.
Tip: If someone gains access to an unsecured network and knows which router to use, they can quickly find out the default password of their administrator account through a quick online search. Therefore, you should set a network name that does not allow any conclusions about the router type or brand.
The administrator password is set through the router management software prompt, usually in an area called “System” or “Administrative Tools.” The Wi-Fi or SSID password is usually set in “Wireless Settings.” Make sure that you change all the default access data and gain strong passwords accordingly.
3. Keep firmware, browsers, and apps up to date
Updates often include relevant changes to address security vulnerabilities. It is therefore essential to keep all firmware or apps around the smart home up to date. This is the only way to ensure that hackers do not exploit vulnerabilities in the system.
4. Beware of password spying in public
But a strong password will not help if you use it liberally. Avoid entering public passwords for security-related applications in public. Neither when you log in to the online banking nor when entering your credit cards for purchase over the Internet or when logging into a smart home application should someone look at your finger. You never know who is behind you and why he or she needs this information.
5. Encrypted connections to the outside for online banking and Co.
In addition to a secure password, the encrypted transmission of data is the key to a secure smart home. Make sure that personal data such as login details, credit card numbers or private information is only transferred via an encrypted connection (recognizable by the name “https” in the address bar). Even if a hacker is listening to the connection, then he can not do anything with the information.
6. Use different networks
To spread the risk, it may make sense to use different networks, such as a guest-only network, one for your PC or laptop, and one dedicated to the smart home system only. If one of the networks is attacked, the other areas can be shielded and protected.