Thousands of hacker attacks were launched on a network of smart home devices designed by researchers to assess the risk the gadgets pose to consumers.
During the initial week the “honeypot” network was online, 1,017 unique scans or hacking attempts were directed at the devices on the net, which included smart TVs, printers, wireless security cameras and Wi-Fi kettles, according to researchers at the NCC Group, Which? and the Global Cyber Alliance.
The attacks continued to grow, reaching 12,807 during a subsequent week, with 2,435 of those attempts to log into a device with a weak default username and password.
Most of the devices in the “hackable home” environment were able to prevent attacks through basic security protections, although this doesn’t mean they’ll never be at risk, the researchers explained in a statement.
The most concerning issue we found, though, they continued, was a connected camera which had a weak default password, which allowed a suspected hacker to gain access to the camera stream. However, the camera lens was taped over.
“Most of these attacks are automated,” observed Matt Lewis, an analyst with the NCC Group, a cybersecurity company in the UK.
“They don’t know what they’re targeting,” he told TechNewsWorld. “They just know how to access a service and try some common weak user name and password pairings.”
“The one that stood out to us was user name admin and password admin, which is a common configuration for a lot of devices,” he added.
Malicious Mixed Bag
Lewis noted that much of the activity spotted by the researchers was probably harmless. “It was from large internet companies scanning the internet to see what was out there,” he said. “There were also hackers looking for vulnerability IP addresses because they’re more curious than nefarious.”
However, he added, “We did see some CCTV camera activity that could be traced to a known threat actor in Russia.”
Brad Russell, a vice president at Interpret, a global advisory company, explained that device data in the smart home space is a lot different than personal identifying information.
“It’s a lot harder for people to worry about a piece of data from their thermostat, water sensor or garage door opener.