Many of us are buying smart home gadgets, but are we signing away our safety? Security expert Ken Munro about who you can trust, who might be after your data, and why people anybody would want to hack your smart home.
The number one risk is invasion of privacy. If you’ve got smart cameras, or any device that’s listening to you, there’s a chance those can be hijacked and you can get spied on. We found vulnerabilities in in-house security cameras, baby monitors and smart home assistants.
We looked at an interactive kids’ doll that has a microphone and speaker, and connects to your phone via Bluetooth. When you connect to the doll there is no PIN, which means that anyone within Bluetooth range, 30, 40, 50 metres away, can connect.
That means that someone outside on the street or in the next house can listen to the microphone and spy on your kids, and can talk to them as well.
We’ve also documented cases of people being stalked through smart tech: there was a case with a doorbell last year where an ex-partner was monitoring someone’s every movement. One of the challenges with that is that there’s no way to know it’s happening.
Things get really freaky when your home gets hijacked. We showed, a few years ago, the very first case of ransomware being loaded onto a smart thermostat.
In other cases, a combination of devices can make your home vulnerable. Amazon Echo, for example, is pretty secure. But other things around your home can allow people to take control through the Echo.
Google Chromecast has a bug in it that they’re now fixing, four years after it was found, that allows someone to drive past your house, connect to your Chromecast with a little bit of clever hacking, and cast a YouTube video that says things to your Echo, like ‘Alexa, turn off the lights.’