Smart homes pose a cyber threat to their owners and tenants

Smart homes are becoming the norm in the US and are in high demand. They are homes in which devices and appliances, such as fire alarms, thermostats, light switches, etc., can be controlled remotely using a cellphone or other networked device.

However, cyber criminals can use a smart home system as an entry point for remote attacks. David Emm, principal security researcher at Kaspersky Lab, said: “The fact that smart home hub meters are open to attack from cybercriminals is very concerning due to the wealth of people using these devices on a day-to-day basis.”

Kaspersky Lab has discovered vulnerabilities that could affect smart homes. Criminal hackers could gain access to a smart product’s server, steal personal data, and use it to access accounts and take control of systems within a person’s home.

Smart architecture vulnerabilities can provide criminals access to your home

Researchers testing a smart device found that it sent user data, including smart hub login credentials, to a corresponding server. Other personal information, such as the user’s phone number for text alerts, may have also been included and sent. Malicious actors have found a way to send seemingly legitimate requests to servers to download information, including the device’s serial number. If the serial number is not included, cyber criminals can use basic methods to obtain it.

Criminal hackers use logic analysis to force entry and request a serial number confirmation from the server. They will verify if the number is registered in the Cloud, and if found, log in to the victim’s online account. From there, criminal hackers can wreak havoc, controlling devices and sensor settings, and even disarming alarm systems.

How to improve your IoT and smart device cyber hygiene

Although these information security weaknesses were reported to the vendor and fixed, they demonstrate that smart and Internet of Things (IoT) devices are at risk from cyber attack. You can secure your home by:

  • Taking extra measures to ensure that your devices, systems, and connections are secured
  • Using a complex password and, where applicable, two-factor authentication
  • Changing passwords regularly
  • Keeping your devices, antivirus, and firewalls up to date. Vendors release regular updates and patches that address the latest vulnerabilities

Organizations using IoT and smart devices need extra cybersecurity measures

Many businesses have adopted IoT and smart devices, so it’s more important than ever to keep information security risk at an acceptable level. Protecting the privacy of consumers should be a priority, which you can achieve by implementing an effective information security management system (ISMS). ISO 27001 is the global standard that describes best practice in cybersecurity risk mitigation. An ISO 27001-accredited cybersecurity program demonstrates that your organization is taking adequate measures to protect private data.

Need help? IT Governance is offering a combined classroom course that provides a complete introduction to ISO 27001. It covers all the activities required to plan, implement, and maintain an ISO 27001-compliant ISMS.

Book a place on our ISO27001 Foundation and Lead Implementer Combination Course for a 15% saving on the cost of the two separate courses.