If you're thinking about filling your house with smart home devices, you may want to reconsider as a new report from Which? has revealed that smart devices could be exposed to thousands of scanning or hacking attempts in a single week.
To conduct its new investigation, the independent consumer body collaborated with the NCC Group and the Global Cyber Alliance (GCA) to create a fake smart home in May of this year and fill it with a range of smart devices from televisions to thermostats to smart home security systems and even a smart kettle.
During the first week of testing, Which? Observed 1,017 unique scans or hacking attempts originating from all over the world with at least 66 being done with malicious purposes. During the following month and the busiest week of testing though, there were 12,807 unique scans/attack attempts against the smart devices in the fake smart home.
- We've compiled a list of the best antivirus software around
- These are the best ransomware protection solutions available
- Also check out our roundup of the best malware removal software
That week also saw 2,435 specific attempts to maliciously log into Which?'s smart devices by using a weak default username and password such as admin and admin. To put this figure into perspective, there were 14 attempts by hackers to brute force their way into these devices every single hour.
Of all the devices in Which?'s smart home, an Epson printer was the most attractive to hackers during the months-long testing process. Fortunately though, the attacks against the device failed because it had reasonably strong default passwords in place.
An ieGeek security camera purchased from Amazon wasn't so lucky though as not long after setting it up, the researchers conducting the experiment detected that someone had accessed the device and its video feed and had even managed to change some of its settings. Following the release of Which?'s report, Amazon removed the camera from sale on its online store.
Which? estimates that 97 percent of all of attacks against smart devices are attempts to add them to the Mirai botnet. This sprawling botnet probes for insecure devices and uses brute-force attacks to see if they are secured using weak passwords. If so, Mirai installs a trojan on them and adds them to its botnet.
In order to secure your smart home and smart devices, Which? recommends that consumers change default passwords, enable all of a device's security features including two-factor authentication if available, run security updates for their devices, remain vigilant against phishing attacks and return any device they believe is insecure.
- We've also highlighted the best endpoint protection