- Research reveals over 70,000 access attempts to smart homes
- Scan for smart home devices lists more than 68,365 open web GUIs globally, and 1914 from the UK
- Sophos reveals 8 expert tips for running a secure Smart Home
Thursday, 26 Oct. 24, 2017 โ Yesterday, Sophos has launched โProject Haunted Houseโ, a continuous attack analysis and assessment of smart homes over the period of several weeks. With the aim of raising awareness of responsible IoT device use, a virtual smart home, simulated for this purpose and including original control and network infrastructures, has been set up and will be used as a potential target for attack and left exposed on the Internet.
The final results of the research project will be published in November 2017, however, first interim numbers from the project have revealed more than 70,000 access attempts from 24,089 individual IPS to our virtual house. Therefore, a clear tendency is already evident: the Haunted House is definitely no Halloween one-timer but a valid danger for private smart homes โ if not handled correctly.
To bolster these numbers and make a classification in the largest context possible, the project also includes active internet scans for smart home devices via search engines like Shodan or Censys. A scan beginning in October resulted in more than 68,365 open web-interfaces from well-established smart home components globally, and 1914 from the UK, which are primarily used in private households โ such as wireless window contacts, smoke detectors, automatic door opening/locking systems, and camera systems. All these devices were easily accessible without a password via the internet. The visualisation via heat maps is showing that the IoT technology is concentrated in cities and urban centers like London, Manchester and Birmingham while fading out into rural areas.
โThe sheer numbers emphasise the importance of being cautious while building your smart homeโ, says James Burchell, Security Specialist. โOtherwise there is a growing chance that it wonโt just be trick or treaters at your door this Halloween, but real life cyber gangsters that are looking for you money and data.โ
[easy-tweet tweet=”Every IoT device needs to run with the most up to date firmware to be as secure as possible.” hashtags=”IoT, Technology”]
8 tips to NOT get a Haunted House but a secure Smart Home:
- Keep your home networks exclusiveย – Donโt share it with others.
- Donโt connect IoT devices with your home network if it isnโt necessaryย โ Your TV for example mustnโt be connected to WLAN if you are mainly watching TV via cable or antenna.
- Create a separate network for IoT devicesย – If your WiFi router is able to create various networks (segmentation), you should implement a special network for IoT devices and thus interrupting access to your regular network
- Create various sealed off networks on different WLANsย – It is even better to create various sealed off network areas for Home Office, entertainment electronics, building and security technique or the guest network โ each with different WLANs. This can be enabled by a Firewall which is only allowing the communication that is necessary to use the components but not the infiltration of an infection from one IoT device to the other. You can install theย Sophos UTM Home Edition Firewallย for free on your PC.
- Use secure VPN technologyย – You shouldnโt use an insecure port forwarding on your router to get remote access to your IoT devices from the internet. Use a secure VPN on your smartphone or Mac/PC instead.
- Keep your software up to dateย – Install up to date AV software on all PCs, Macs and Android Smartphones.ย Free toolsย likeย Sophos Homeย orย Sophos Mobile Securityย are available at the Sophos website.
- Secure everything with the latest firmwareย – Not just PC, laptop and smartphones โ but every IoT device needs to run with the most up to date firmware to be as secure as possible. This might be time-consuming but is definitely worth the effort regarding security and privacy.
- Google is your friendย – You might want to Google search potential security gaps of the IoT device you are going to use. This gives you a quick but good overview if the product of your choice is already a focus of hackers or even been hacked.
Andrew McLean is the Studio Director at Disruptive Live, a Compare the Cloud brand. He is an experienced leader in the technology industry, with a background in delivering innovative & engaging live events. Andrew has a wealth of experience in producing engaging content, from live shows and webinars to roundtables and panel discussions. He has a passion for helping businesses understand the latest trends and technologies, and how they can be applied to drive growth and innovation.