Giving gifts to hackers: Don't be security stupid about smart ho - NBC Right Now/KNDO/KNDU Tri-Cities, Yakima, WA |

Giving gifts to hackers: Don't be security stupid about smart home devices

Posted: Updated:

SPOKANE, WA - One of the hardest to find holiday gifts this season? Smart home devices; currently the Amazon Echo smart speaker is back-ordered until mid-January.

Just speak the command, and these hub devices will turn on the lights, the TV, find you music, control the temperature. But with more and more of us putting smart home tech on our holiday wish lists, KHQ sought expert help with the one thing you can't tell these devices to do: protect themselves - and you - from hackers.

For all their convenience, smart home devices have so far proved to be pretty stupid, security-wise. In one of the first-ever tests of smart home security,  the University of Michigan hacked into the top selling Samsung SmartThings home organizing hub, using a fake app that allowed researchers to unlock the front door at will.

But such a security breaches are nothing compared to the chaos we saw in October.  The Direct Denial of Service (DDoS) attack that brought the internet to its knees used everyday devices - cameras, universal remotes, even washing machines and refrigerators - that were hooked to the owner's Wi-Fi.

To help solve your smart home security problems, we teamed up with Stephen Heath, Director of Security Services for Spokane-based Intrinium.

“We do security consulting all over the country, break in see if we can steal the stuff,“ Heath explained. “A lot of these new devices are so ‘smart,’ you can send a tweet from your fridge, I don’t know why you would want to do that but people have built this.

Heath says he doesn't have to test your in-house system to guess the most likely vulnerability: passwords that haven’t been changed from their defaults, when they're used at all.

“People sometimes aren't secure with how they set them up so if you know where to look people will have their home security mapped out with no username and password, so they can take a look with what is going on in some back alley in Detroit somewhere,” Heath said. In fact, with a few clicks of a mouse, our data investigator was able to pull up real-time feeds from  unsecured cameras in Spokane, across the country, and around the world.

Fortunately, there's a quick fix you can do right now.

1. Reset the product back to its factory settings.

2. This ought to wipe any malicious code that has found a home in your devices.

3. THEN change your passwords.

Once you've done that, Heath says keeping your smart home on the safer side of the internet boils down to staying off the bad guys' radar - and there, the solution is also surprisingly simple:

“Turning things off when you’re not using them - if you don’t need to send tweets from your fridge, turn it off: with a webcam, baby monitor, when you’re not using it turn it off.”

Just remember - even the smallest bit of information - like a smart thermometer that shows when the furnace is turned off  - can tell a compu-crook the house may be empty. “Don’t let people spy and find out you’re not home,” Heath said. “And if they do get in, give them less information to be able to deal with.”

Despite the risks, the buying frenzy has really just begun. The typical family is predicted to add up to 500 smart home devices -  from dishwashers to deadbolt locks - by the year 2022. 

HD DOPPLER 6i
/
  • Tri-CitiesTri-Cities NewsMore>>

  • Protecting your digital footprint

    Protecting your digital footprint

    Thursday, October 18 2018 9:22 PM EDT2018-10-19 01:22:19 GMT

    WASHINGTON= October is named National Cyber Security Awareness Month by the National Cyber Security Division of the Department of Homeland Security

    More >>

    WASHINGTON= October is named National Cyber Security Awareness Month by the National Cyber Security Division of the Department of Homeland Security

    More >>
  • Benton PUD says power is restored after widespread outage

    Benton PUD says power is restored after widespread outage

    Thursday, October 18 2018 8:16 PM EDT2018-10-19 00:16:10 GMT

    Benton PUD says power is coming back on for most people in Kennewick after an excavator took out a transmission line in the area of 36th and Gum Street.

    More >>

    Benton PUD says power is coming back on for most people in Kennewick after an excavator took out a transmission line in the area of 36th and Gum Street.

    More >>
  • Energy Northwest Siren Testing

    Energy Northwest Siren Testing

    Energy Northwest Siren Testing

    Thursday, October 18 2018 1:21 PM EDT2018-10-18 17:21:10 GMT

    Emergency response officials from Benton and Franklin Counties, Energy Northwest and the Department of Energy, will conduct annual siren tests Thursday, October 18, between 10 a.m. and noon. Testing will include sirens along the Columbia and Yakima rivers and in portions of both Benton and Franklin counties within about 10 miles of Columbia Generating Station.

    More >>

    Emergency response officials from Benton and Franklin Counties, Energy Northwest and the Department of Energy, will conduct annual siren tests Thursday, October 18, between 10 a.m. and noon. Testing will include sirens along the Columbia and Yakima rivers and in portions of both Benton and Franklin counties within about 10 miles of Columbia Generating Station.

    More >>