When smart things are dumb
by Graham Westbrook
The shopping stampedes are over and results are in: Americans spent $17.8 billion between Thanksgiving, Black Friday and Cyber Monday. Amid the fray, predictions say roughly 2 out of every 3 shoppers will have bought a smart device as a gift. This means that smart gadgets aren’t just a fad, they are here to stay...and Siri, Alexa and Google are happy to join the family.
Here’s the problem: they can store quite a bit of sensitive information and don’t really have your privacy at heart. Many devices come with default credentials (think: admin/admin, admin/password, user/user, support/support) and more than 15 percent of those are never changed by purchasers. Which means anybody with an internet connection can scan for vulnerable devices and connect to them using passwords they found in the device manual. Crappy passwords don’t get a pass here either. Make sure your passwords are long and strong, and consider using passphrases and password managers to reclaim privacy now.
The risks of apathy are real. One cyber-criminal with access to smart routers (using default credentials) was able to steal the MQ-9 Reaper manual from a US Air Force Captain’s home network. Another was able to access thousands of internet cameras and use them to take down Twitter.
Don’t let Smart home routers, internet-connected cameras or techy doorbells spy on you this Holiday season. If you bought a smart device this shopping season or get one as a gift, change the default username and password, regularly check for security updates and implement device-specific privacy controls to ensure you stay safe at home and online.
Graham Westbrook is the Director of Intelligence & Content at Living Security. He has a B.A. in Intelligence Studies and is currently pursuing a M.S. in Criminal Justice/Forensic Psychology. Graham is an intelligence practitioner at the intersection of cybersecurity and human risk. He has bylines at Russia Direct (RBTH), Leksika, SANS and Living Security, and will be speaking at InfoSecWorld 2019 and RMISC.