Your smart home: attacked or alert?

At the end of 2016 the world discovered just how vulnerable indiscriminately connected internet of things (IoT) gadgets could be, when hundreds of thousands of smart domestic and city devices were press-ganged into forming massive global botnets and used to attack the internet. These devices were often worryingly easy to hack, released by manufacturers with only basic security, default passwords and no ability to upgrade their software, and then inadequately protected by the consumer.

Nevertheless, over the next decade everything from the functional to the frivolous is likely to come with an app and wireless capability. And the world needs to be ready for this.

Firstly, when it comes to the devices themselves, it is vital that individuals, organisations and manufacturers understand the security threats posed by malware and other attacks — and start to design in security from the start, and implement basic protection measures before the device is connected.

Secondly, the world needs to prepare for the fact that the crime scene of tomorrow will be IoT. The recent demand for Amazon to release data collected by its Echo smart speaker in order to assist in a murder enquiry (Amazon has refused to comply), highlights the growing role of connected devices in criminal investigations. Such voice-activated software — including similar offerings by Google, LG and more — were on proud display at CES. It is worth bearing in mind its potential ability to capture conversations taking place near the device; and if your access credentials are weak you have no idea who else might be listening in.

The integrity of such systems will be increasingly critical. Some developers are already starting to experiment with software that can add to or alter voice recordings — a Photoshop for the voice. In the world of cybersecurity, there is never any time to stand still.

Connected devices offer much that is beneficial, remarkable and entertaining — and that will make the world a happier, healthier, more productive place. However, left unprotected, they can also make us more vulnerable to others whose intentions are less honourable. Don’t let them in.

Security in a connected era: Top tips

- Activate strong passwords and always ensure the default passwords on all devices are changed.

- Regularly check for and install software updates.

- Install appropriate security software, especially on devices such as smartphones and tablets, which are commonly used to control IoT gadgets

- Manufacturers of connected products and the security industry need to work together to ensure that strong protection and patch management is designed in from the very start of a product’s conception.

— David Emm is Principal Security Researcher at Kaspersky Lab